Comprehensive Guide to Nginx Rewrite, Anti‑Hotlinking, Static/Dynamic Separation, and Keepalived High‑Availability Configuration

This guide presents a complete workflow for configuring Nginx and Keepalived to achieve URL rewriting, anti‑hotlinking, static/dynamic resource separation, and high‑availability failover.

Nginx rewrite rules : The rewrite directive rewrites a requested URL to a target URL. Flags such as last , break , redirect (302), and permanent (301) control processing. An example redirects www.dbspread.com to www.dbspread.com/new.index.html using:

rewrite ^/$ http://www.dbspread.com/new.index.html permanent;

Anti‑hotlinking : A location block matches media extensions and uses valid_referers to allow only the own domain. Requests from other sites receive a 403 response.

location ~* \.(rmvb|jpg|png|swf|flv)$ {
    valid_referers none blocked www.dbspread.com;
    root html/b;
    if ($invalid_referer) { return 403; }
}

Static/Dynamic separation : Static assets (html, css, js, images) are served directly from a dedicated directory with long‑term caching ( expires 30d ), while dynamic requests are proxied to Tomcat back‑ends via an upstream block.

location ~ \.(html|css|js|png|jpg|gif)$ {
    root /var/local/static;
    expires 30d;
}
location / {
    proxy_pass http://web1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Keepalived high‑availability : Keepalived monitors Nginx with a custom script ( /usr/local/src/check_nginx_pid.sh ) and manages a virtual IP (VIP) 192.168.152.200 . The master node ( state MASTER ) holds the VIP; the backup ( state BACKUP ) takes over on failure. Configuration files for both nodes define global_defs , vrrp_script , vrrp_instance , and the VIP.

global_defs {
    notification_email { [email protected] }
    router_id nginx_master
}

vrrp_script chk_http_port {
    script "/usr/local/src/check_nginx_pid.sh";
    interval 2;
    weight 2;
}

vrrp_instance VI_1 {
    state MASTER;
    interface eth0;
    virtual_router_id 66;
    priority 100;
    advert_int 1;
    authentication { auth_type PASS; auth_pass 1111; }
    track_script { chk_http_port; }
    virtual_ipaddress { 192.168.152.200; }
}

The health‑check script restarts Nginx if it stops and, on repeated failure, kills Keepalived to trigger VIP migration:

#!/bin/bash
A=$(ps -C nginx --no-header | wc -l)
if [ $A -eq 0 ]; then
    /usr/local/nginx/sbin/nginx
    if [ $(ps -C nginx --no-header | wc -l) -eq 0 ]; then
        killall keepalived
    fi
fi

Testing and verification : After installing Keepalived on both master and backup servers, map the VIP to www.dbspread.com in /etc/hosts , start Nginx and Keepalived, and verify that the site is reachable. Then stop the master node’s services to observe automatic failover to the backup, and restart the master to confirm it regains the VIP.