Comprehensive Guide to Nginx Rewrite Rules, Anti‑Hotlinking, Static/Dynamic Separation, and Keepalived High‑Availability Configuration
This article provides a step‑by‑step tutorial on configuring Nginx rewrite rules, implementing anti‑hotlinking protection, separating static and dynamic resources, and setting up Keepalived for high‑availability, complete with detailed code examples and deployment instructions.
1. Nginx Rewrite Rules
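Rewrite rules transform incoming URLs into target URLs, improving URL readability and SEO. The syntax is rewrite <regex> <replacement> [flag]; where the flag controls processing: last restarts location matching with the rewritten URI, break stops rewrite processing and continues in the current location, redirect returns a temporary 302 redirect, and permanent returns a 301 redirect.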
server {
    listen 80; # listen on port 80
    server_name www.dbspread.com;
    index index.jsp index.html index.htm;
    root /usr/local/nginx/html;
    location / {
        proxy_next_upstream http_502 http_504 error timeout invalid_header;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        rewrite ^/$ http://www.dbspread.com/new.index.html permanent;
        proxy_pass http://web1;
    }
    # example: redirect www.dbspread.com to a specific page
    rewrite ^/$ http://www.dbspread.com/new.index.html permanent;
}
2. Nginx Anti‑Hotlinking
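Anti‑hotlinking prevents other sites from directly linking to your media files (e.g., av123.rmvb). The configuration uses valid_referers to define a whitelist and returns 403 for invalid requests. In the whitelist, none admits requests that carry no Referer header, blocked admits requests whose Referer value was stripped by a proxy or firewall, and www.dbspread.com admits requests referred from the site itself. Because the Referer header is supplied by the client, this check deters casual hotlinking but is not an access control mechanism.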
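As an added example (not part of the original article), the Python sketch below models how the whitelist valid_referers none blocked www.dbspread.com used in this section classifies requests. It is a simplified model of the documented nginx behaviour covering exact and wildcard host names only; the function names and sample headers are constructed for illustration.

```python
# Simplified model of nginx's valid_referers check (constructed example).

def invalid_referer(referer, names, allow_none=False, allow_blocked=False):
    """Return True where nginx would set $invalid_referer (the config answers 403)."""
    if referer is None:                      # no Referer header at all -> "none"
        return not allow_none
    lowered = referer.lower()
    for scheme in ("http://", "https://"):
        if lowered.startswith(scheme):
            rest = lowered[len(scheme):]
            break
    else:                                    # header present but no scheme -> "blocked"
        return not allow_blocked
    host = rest.split("/", 1)[0].split(":", 1)[0]   # port and path are ignored
    for name in (n.lower() for n in names):
        if name.startswith("*.") and host.endswith(name[1:]):
            return False                     # leading wildcard: any subdomain
        if name.endswith(".*") and host.startswith(name[:-1]):
            return False                     # trailing wildcard: any suffix
        if host == name:
            return False                     # exact host match
    return True

# Constructed sample requests: (description, Referer header or None)
SAMPLES = [
    ("own page", "http://www.dbspread.com/index.html"),
    ("own page, explicit port", "http://www.dbspread.com:8080/a"),
    ("third-party page", "https://other.example/gallery.html"),
    ("lookalike host", "http://www.dbspread.com.other.example/"),
    ("header stripped by proxy", "XXXXXXXX"),
    ("no Referer header", None),
]

def decisions(allow_none, allow_blocked, names=("www.dbspread.com",)):
    """Map each sample to 403 (rejected) or 200 (the file would be served)."""
    return {
        label: 403 if invalid_referer(ref, names, allow_none, allow_blocked) else 200
        for label, ref in SAMPLES
    }

if __name__ == "__main__":
    for label, status in decisions(allow_none=True, allow_blocked=True).items():
        print(f"{status}  {label}")
```

Calling decisions(False, False) shows the effect of dropping none and blocked from the whitelist: requests without a usable Referer are then rejected as well, which also rejects direct visits and bookmarks.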
server {
    listen 80;
    server_name www.dbspread.com;
    location ~* \.(rmvb|jpg|png|swf|flv)$ {
        valid_referers none blocked www.dbspread.com;
        root html/b;
        if ($invalid_referer) {
            return 403;
        }
    }
}
3. Nginx Static/Dynamic Separation
Static resources (HTML, CSS, images, etc.) are served directly from a dedicated directory with long‑term caching, while dynamic requests are proxied to backend Tomcat servers via upstream groups.
# static files (location blocks go inside a server block)
location ~* \.(html|htm|gif|jpg|jpeg|bmp|png|ico|txt|js|css)$ {
    root /var/local/static;
    expires 30d;
}
# dynamic proxy (the upstream block goes in the http context, outside server)
upstream web1 {
    server 192.168.152.129:8080 weight=1 max_fails=2 fail_timeout=30s;
    server 192.168.152.129:8081 weight=1 max_fails=2 fail_timeout=30s;
}
location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://web1;
}
4. Nginx + Keepalived High‑Availability
Keepalived provides VRRP‑based failover for Nginx. Two nodes (MASTER and BACKUP) share a virtual IP (VIP). Health‑check scripts monitor Nginx, and the backup takes over the VIP if the master fails.
# Global configuration
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server smtp.hysec.com
    router_id nginx_master
}
# Health-check script
vrrp_script chk_http_port {
    script "/usr/local/src/check_nginx_pid.sh"
    interval 2
    weight 2
}
# VRRP instance
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 66
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_http_port
    }
    virtual_ipaddress {
        192.168.152.200
    }
}
The same configuration (with state BACKUP and lower priority) is applied on the secondary node. After deployment, the VIP moves seamlessly between nodes, ensuring continuous service. Note that auth_type PASS carries auth_pass in cleartext inside VRRP advertisements, so 1111 should be treated as a placeholder, and VRRP traffic should be confined to the trusted network segment between the two nodes.
Top Architect
Top Architect focuses on sharing practical architecture knowledge, covering enterprise, system, website, large‑scale distributed, and high‑availability architectures, plus architecture adjustments using internet technologies. We welcome idea‑driven, sharing‑oriented architects to exchange and learn together.