11月26日任务

12.6 Nginx安装

12.7 默认虚拟主机

12.8 Nginx用户认证

12.9 Nginx域名重定向

 

12.6 、Nginx安装

• cd /usr/local/src
•  wget http://nginx.org/download/nginx-1.12.1.tar.gz
•  tar zxf nginx-1.12.1.tar.gz
•  ./configure --prefix=/usr/local/nginx
•  make &&  make install
•  vim /etc/init.d/nginx //复制如下内容（参考https://coding.net/u/aminglinux/p/aminglinux-book/git/blob/master/D15Z/etc_init.d_nginx ）
• chmod 755 /etc/init.d/nginx
•  chkconfig --add nginx 
•  chkconfig nginx on 
•  cd /usr/local/nginx/conf/; mv nginx.conf nginx.conf.bak
•  vim nginx.conf //写入如下内容（参考https://coding.net/u/aminglinux/p/aminglinux-book/git/blob/master/D15Z/nginx.conf）
•  /usr/local/nginx/sbin/nginx -t
•  /etc/init.d/nginx  start
•  netstat -lntp |grep 80

 

#安装过程

[root@zgxlinux-01 src]# cd /usr/local/src/

[root@zgxlinux-01 src]# wget http://nginx.org/download/nginx-1.14.0.tar.gz

[root@zgxlinux-01 src]# tar -zxvf nginx-1.14.0.tar.gz  [root@zgxlinux-01 nginx-1.14.0]# ./configure --prefix=/usr/local/nginx [root@zgxlinux-01 nginx-1.14.0]# make && make install

[root@zgxlinux-01 nginx-1.14.0]# ls /usr/local/nginx/

conf  html  logs  sbin

[root@zgxlinux-01 nginx-1.14.0]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@zgxlinux-01 nginx-1.14.0]# vim /etc/init.d/nginx     #编辑启动脚本，粘贴如下内容

#!/bin/bash# chkconfig: - 30 21# description: http service.# Source Function Library. /etc/init.d/functions# Nginx SettingsNGINX_SBIN="/usr/local/nginx/sbin/nginx"NGINX_CONF="/usr/local/nginx/conf/nginx.conf"NGINX_PID="/usr/local/nginx/logs/nginx.pid"RETVAL=0prog="Nginx"start() {    echo -n $"Starting $prog: "    mkdir -p /dev/shm/nginx_temp    daemon $NGINX_SBIN -c $NGINX_CONF    RETVAL=$?    echo    return $RETVAL}stop() {    echo -n $"Stopping $prog: "    killproc -p $NGINX_PID $NGINX_SBIN -TERM    rm -rf /dev/shm/nginx_temp    RETVAL=$?    echo    return $RETVAL}reload(){    echo -n $"Reloading $prog: "    killproc -p $NGINX_PID $NGINX_SBIN -HUP    RETVAL=$?    echo    return $RETVAL}restart(){    stop    start}configtest(){    $NGINX_SBIN -c $NGINX_CONF -t    return 0}case "$1" in  start)        start        ;;  stop)        stop        ;;  reload)        reload        ;;  restart)        restart        ;;  configtest)        configtest        ;;  *)        echo $"Usage: $0 {start|stop|reload|restart|configtest}"        RETVAL=1esacexit $RETVAL

[root@zgxlinux-01 nginx-1.14.0]# chmod 755 /etc/init.d/nginx 

[root@zgxlinux-01 nginx-1.14.0]# chkconfig --add nginx  [root@zgxlinux-01 nginx-1.14.0]# chkconfig nginx on [root@zgxlinux-01 nginx-1.14.0]# cd /usr/local/nginx/conf [root@zgxlinux-01 conf]# ls fastcgi.conf            koi-win             scgi_params fastcgi.conf.default    mime.types          scgi_params.default fastcgi_params          mime.types.default  uwsgi_params fastcgi_params.default  nginx.conf          uwsgi_params.default koi-utf                 nginx.conf.default  win-utf [root@zgxlinux-01 conf]# mv nginx.conf nginx.conf.1

[root@zgxlinux-01 conf]# vim nginx.conf                  #编辑新的配置文件，粘贴一下内容

 

user nobody nobody;worker_processes 2;error_log /usr/local/nginx/logs/nginx_error.log crit;pid /usr/local/nginx/logs/nginx.pid;worker_rlimit_nofile 51200;events{    use epoll;    worker_connections 6000;}http{    include mime.types;    default_type application/octet-stream;    server_names_hash_bucket_size 3526;    server_names_hash_max_size 4096;    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'    ' $host "$request_uri" $status'    ' "$http_referer" "$http_user_agent"';    sendfile on;    tcp_nopush on;    keepalive_timeout 30;    client_header_timeout 3m;    client_body_timeout 3m;    send_timeout 3m;    connection_pool_size 256;    client_header_buffer_size 1k;    large_client_header_buffers 8 4k;    request_pool_size 4k;    output_buffers 4 32k;    postpone_output 1460;    client_max_body_size 10m;    client_body_buffer_size 256k;    client_body_temp_path /usr/local/nginx/client_body_temp;    proxy_temp_path /usr/local/nginx/proxy_temp;    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;    fastcgi_intercept_errors on;    tcp_nodelay on;    gzip on;    gzip_min_length 1k;    gzip_buffers 4 8k;    gzip_comp_level 5;    gzip_http_version 1.1;    gzip_types text/plain application/x-javascript text/css text/htm     application/xml;    server    {        listen 80;        server_name localhost;        index index.html index.htm index.php;        root /usr/local/nginx/html;        location ~ \.php$         {            include fastcgi_params;            fastcgi_pass unix:/tmp/php-fcgi.sock;            fastcgi_index index.php;            fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;        }        }}

 

[root@zgxlinux-01 conf]# /etc/init.d/nginx start

Starting nginx (via systemctl):                            [  确定  ] [root@zgxlinux-01 conf]# ps aux |grep nginx root      4421  0.0  0.0  20548   624 ?        Ss   13:14   0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf nobody    4422  0.0  0.3  22992  3212 ?        S    13:14   0:00 nginx: worker process nobody    4423  0.0  0.3  22992  3212 ?        S    13:14   0:00 nginx: worker process root      4425  0.0  0.0 112720   980 pts/0    R+   13:14   0:00 grep --color=auto nginx [root@zgxlinux-01 conf]# vim /usr/local/nginx/html/1.php

[root@zgxlinux-01 conf]# curl localhost/1.php

This is nginx test page.[root@zgxlinux-01 conf]#

 

 

12.7 、Nginx默认虚拟主机

• vim /usr/local/nginx/conf/nginx.conf //增加
•  include vhost/*.conf
•  mkdir /usr/local/nginx/conf/vhost
•  cd !$;  vim default.conf //加入如下内容

        server

    {

         listen 80 default_server;  // 有这个标记的就是默认虚拟主机

         server_name aaa.com;

         index index.html index.htm index.php;

       root /data/wwwroot/default;

  }

•  mkdir -p /data/wwwroot/default/
•  echo “This is a default site.”>/data/wwwroot/default/index.html
•  /usr/local/nginx/sbin/nginx -t
•  /usr/local/nginx/sbin/nginx -s reload
•  curl localhost
•  curl -x127.0.0.1:80 123.com
• mkdir /data/wwwroot/test.com
•  echo “test.com”>/data/wwwroot/test.com/index.html
•  curl -x127.0.0.1:80 test.com -I//状态码为401说明需要验证
•  curl -uaming:passwd 访问状态码变为200
•  编辑windows的hosts文件，然后在浏览器中访问test.com会有输入用户、密码的弹窗
•  针对目录的用户认证
• location  /admin/
•     {
•         auth_basic              "Auth";
•         auth_basic_user_file   /usr/local/nginx/conf/htpasswd;
•  

[root@zgxlinux-01 conf]# vim nginx.conf

[root@zgxlinux-01 conf]# pwd

/usr/local/nginx/conf [root@zgxlinux-01 conf]# mkdir vhost [root@zgxlinux-01 conf]# cd vhost/ [root@zgxlinux-01 vhost]# ls [root@zgxlinux-01 vhost]# vim aaa.com.conf

[root@zgxlinux-01 vhost]# mkdir /data/wwwroot/default

[root@zgxlinux-01 vhost]# cd /data/wwwroot/default/ [root@zgxlinux-01 default]# vim index.html

[root@zgxlinux-01 default]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@zgxlinux-01 default]# /etc/init.d/nginx restart     #重启服务也可以直接重新加载一次，如下条命令： [root@zgxlinux-01 default]# /usr/local/nginx/sbin/nginx -s reload

[root@zgxlinux-01 default]# curl localhost

This is the default site. [root@zgxlinux-01 default]# curl -x127.0.0.1:80 bbb.com This is the default site. [root@zgxlinux-01 default]# curl -x127.0.0.1:80 bbbc.com This is the default site. [root@zgxlinux-01 default]# curl -x127.0.0.1:80 aaaa.com This is the default site.  

 

 

10.8、Nginx 用户认证

• vim /usr/local/nginx/conf/vhost/test.com.conf//写入如下内容

server

{     listen 80;     server_name test.com;     index index.html index.htm index.php;     root /data/wwwroot/test.com;      location  /     {         auth_basic              "Auth";         auth_basic_user_file   /usr/local/nginx/conf/htpasswd; } }

• yum install -y httpd
•  htpasswd -c /usr/local/nginx/conf/htpasswd aming
•  -t &&  -s reload //测试配置并重新加载
   

#操作过程

[root@zgxlinux-01 default]# vim /usr/local/nginx/conf/vhost/test.com.conf

[root@zgxlinux-01 /]# cd /usr/local/nginx/conf/

[root@zgxlinux-01 /]# cd /usr/local/nginx/conf/ [root@zgxlinux-01 conf]# /usr/local/apache2.4.37/bin/htpasswd -c /usr/local/nginx/conf/htpasswd zhangguoxiang  New password:  Re-type new password:  Adding password for user zhangguoxiang [root@zgxlinux-01 conf]# cat /usr/local/nginx/conf/htpasswd  zhangguoxiang:$apr1$NTNBftDs$NYbmry9DKE.egD1vn0NJm/

[root@zgxlinux-01 conf]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@zgxlinux-01 conf]# /usr/local/nginx/sbin/nginx -s reload [root@zgxlinux-01 conf]# curl -x 127.0.0.1:80 test.com <html> <head><title>401 Authorization Required</title></head> <body bgcolor="white"> <center><h1>401 Authorization Required</h1></center> <hr><center>nginx/1.14.0</center> </body> </html>

[root@zgxlinux-01 conf]# curl -x 127.0.0.1:80 -uzhangguoxiang:123456 test.com

<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>nginx/1.14.0</center> </body> </html>

[root@zgxlinux-01 conf]# mkdir /data/wwwroot/test.com

[root@zgxlinux-01 conf]# echo "test.com" > /data/wwwroot/test.com/index.html [root@zgxlinux-01 conf]# curl  -x127.0.0.1:80 -uzhangguoxiang:123456 test.com test.com #这样设置是针对整个站点需要验证，那么我们如何设置成只限制admin目录验证呢？

[root@zgxlinux-01 conf]# cd /usr/local/nginx/conf/vhost/

[root@zgxlinux-01 vhost]# vim test.com.conf

[root@zgxlinux-01 vhost]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@zgxlinux-01 vhost]# /usr/local/nginx/sbin/nginx -s reload [root@zgxlinux-01 vhost]# curl  -x127.0.0.1:80 test.com test.com [root@zgxlinux-01 vhost]# curl  -x127.0.0.1:80 test.com/admin/ <html> <head><title>401 Authorization Required</title></head> <body bgcolor="white"> <center><h1>401 Authorization Required</h1></center> <hr><center>nginx/1.14.0</center> </body> </html>

[root@zgxlinux-01 vhost]# mkdir /data/wwwroot/test.com/admin

[root@zgxlinux-01 vhost]# echo "test.com.conf dir" > /data/wwwroot/test.com/admin/index.html [root@zgxlinux-01 vhost]# curl  -uzhangguoxiang:123456 -x127.0.0.1:80 test.com/admin/ test.com.conf dir  

 

12.9、Nginx域名重定向

• 更改test.com.conf

server

{

    listen 80;

    server_name test.com test1.com test2.com;

    index index.html index.htm index.php;

    root /data/wwwroot/test.com;

    if ($host != 'test.com' ) {

        rewrite  ^/(.*)$  http://test.com/$1  permanent;

    }

}

•  server_name后面支持写多个域名，这里要和httpd的做一个对比
•  permanent为永久重定向，状态码为301，如果写redirect则为302

[root@zgxlinux-01 vhost]# vim test.com.conf 

[root@zgxlinux-01 vhost]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@zgxlinux-01 vhost]# /usr/local/nginx/sbin/nginx -s reload

[root@zgxlinux-01 vhost]# curl -x127.0.0.1:80 test2.com/index.html/1ewfsdf -I

HTTP/1.1 301 Moved Permanently Server: nginx/1.14.0 Date: Sat, 01 Dec 2018 03:00:33 GMT Content-Type: text/html Content-Length: 185 Connection: keep-alive Location: http://test.com/index.html/1ewfsdf

[root@zgxlinux-01 vhost]# curl -x127.0.0.1:80 test3.com/index.html/1ewfsdf -I

HTTP/1.1 301 Moved Permanently Server: nginx/1.14.0 Date: Sat, 01 Dec 2018 03:00:40 GMT Content-Type: text/html Content-Length: 185 Connection: keep-alive Location: http://test.com/index.html/1ewfsdf

[root@zgxlinux-01 vhost]# curl -x127.0.0.1:80 test4.com/index.html/1ewfsdf -I

HTTP/1.1 404 Not Found Server: nginx/1.14.0 Date: Sat, 01 Dec 2018 03:00:46 GMT Content-Type: text/html Content-Length: 169