CentOS 7.4 Tengine安裝配置詳解(二)
1、配置基於端口的虛擬主機:
(1)在http{}配置段中新增如下server:
server {
listen 8000;
server_name localhost;
access_log /usr/local/tengine/logs/localhost8000-access.log main;
location / {
root /vhosts/web;
index index.html index.htm;
}
}
(2)創建測試頁:# mkdir -pv /vhosts/web # echo "<h3>VirtualHost Port 8000</h3>" > /vhosts/web/index.html
(3)重載服務:# nginx -t # nginx -s reload # ss -tunlp | grep :8000
(4)訪問測試頁:http://192.168.1.222:8000
2、配置基於IP的虛擬主機:
(1)新增一個IP:
# ip addr list | grep ens
# ip addr add 192.168.1.250/24 dev ens160
# ip addr list | grep ens
(2)在http{}配置段中新增如下server:
server {
listen 192.168.1.222:80;
server_name localhost;
access_log /usr/local/tengine/logs/192.168.1.222-access.log main;
location / {
root /vhosts/ip/192.168.1.222;
index index.html index.htm;
}
}
server {
listen 192.168.1.250:80;
server_name localhost;
access_log /usr/local/tengine/logs/192.168.1.250-access.log main;
location / {
root /vhosts/ip/192.168.1.250;
index index.html index.htm;
}
}
(3)創建測試頁:
# mkdir -pv /vhosts/ip/{192.168.1.222,192.168.1.250}
# echo "<h3>VirtualHost 192.168.1.222</h3>" > /vhosts/ip/192.168.1.222/index.html
# echo "<h3>VirtualHost 192.168.1.250</h3>" > /vhosts/ip/192.168.1.250/index.html
(4)重載服務:# nginx -t # nginx -s reload # ss -tunlp | grep :80
(5)訪問測試頁:
http://192.168.1.222
http://192.168.1.250
3、配置基於主機名的虛擬主機:
(1)在http{}配置段中新增如下server:
server {
listen 80;
server_name bbs.vhosts.com;
access_log /usr/local/tengine/logs/bbs.vhosts.com-access.log main;
location / {
root /vhosts/bbs;
index index.html index.htm;
}
}
server {
listen 80;
server_name blog.vhosts.com;
access_log /usr/local/tengine/logs/blog.vhosts.com-access.log main;
location / {
root /vhosts/blog;
index index.html index.htm;
}
}
(2)創建測試頁:
# mkdir -pv /vhosts/{bbs,blog}
# echo "<h3>VirtualHost bbs.vhosts.com</h3>" > /vhosts/bbs/index.html
# echo "<h3>VirtualHost blog.vhosts.com</h3>" > /vhosts/blog/index.html
(3)重載服務:# nginx -t # nginx -s reload # ss -tunlp | grep :80
(4)修改本地Windows 10系統的hosts文件:
C:\Windows\System32\drivers\etc\hosts,末尾新增代碼:192.168.1.222 bbs.vhosts.com blog.vhosts.com
(5)訪問測試頁:
http://bbs.vhosts.com
http://blog.vhosts.com
四、基於來源IP實現訪問控制
1、在server{}配置段中新增如下location:
server {
listen 80;
server_name localhost;
root html;
index index.html index.htm;
location / {
# 網段的寫法:192.168.1.0/24
deny 192.168.1.222;
# 從上到下進行匹配,類似iptables
allow all;
}
location /bbs {
if ( $remote_addr = 192.168.1.146 ) {
return 404;
}
}
}
2、創建測試頁:
# mkdir -pv /usr/local/tengine/html/bbs
# echo "<h3>Hello World</h3>" > /usr/local/tengine/html/bbs/test.html
3、重載服務:# nginx -t # nginx -s reload # ss -tunlp | grep :80
4、分別使用192.168.1.146、192.168.1.222和192.168.199.157作為客戶端進行訪問:
(1)192.168.1.146:# yum -y install elinks # elinks -dump http://192.168.1.222
# elinks -dump http://192.168.1.222/bbs/test.html
(2)192.168.1.222:# yum -y install curl # curl http://192.168.1.222
# curl http://192.168.1.222/bbs/test.html
(3)192.168.199.157:
五、基於用戶名/密碼實現訪問控制:
1、在server{}配置段中新增如下location:
server {
listen 80;
server_name localhost;
root html;
index index.html index.htm;
location /bbs {
auth_basic "Please Login";
auth_basic_user_file /usr/local/tengine/conf/.htpasswd;
}
}
2、創建測試頁:
# mkdir -pv /usr/local/tengine/html/bbs
# echo "<h3>Login Successful</h3>" > /usr/local/tengine/html/bbs/test.html
3、創建賬號密碼文件:
# yum -y install httpd-tools
# cd /usr/local/tengine/conf
# htpasswd -c -m .htpasswd keyso //用戶名keyso,密碼123456
========================================================
基於文件實現basic身份認證時所使用的賬號密碼生成工具:htpasswd
常用選項:
? -c:自動創建賬號文件(僅在添加第一個用戶時使用該選項)
? -m:使用MD5加密用戶密碼
? -s:使用SHA加密用戶密碼
? -D:刪除指定用戶
========================================================
4、重載服務:# nginx -t # nginx -s reload # ss -tunlp | grep :80
5、訪問測試頁:
http://192.168.1.222
http://192.168.1.222/bbs/test.html
六、定義status頁面:
1、在server{}配置段中新增如下location:
server {
listen 80;
server_name localhost;
location /status {
stub_status on;
allow 192.168.101.120;
deny all;
access_log off;
}
}
2、重載服務:# nginx -t # nginx -s reload # ss -tunlp | grep :80
3、Windows 10訪問狀態頁:http://192.168.1.222/status
說明:
? Active connections:當前活動的客戶端連接數
? accepts:已經接收過的客戶端連接總數
? handled:已經處理過的客戶端連接總數
? requests:客戶端的請求總數
? request_time:請求時間
? Reading:正在讀取的客戶端請求數
? Writing:正在處理請求或發送響應報文的連接數
? Waiting:等待發出請求的空閑連接數
七、禁止訪問某一類資源:
1、在server{}配置段中新增如下location:
server {
listen 80;
server_name localhost;
location ~ \.(txt|doc)$ {
if (-f $request_filename){
root html;
break;
}
deny all;
}
}
2、創建測試頁:
# echo "<h3>txt file</h3>" > /usr/local/tengine/html/test.txt
# echo "<h3>doc file</h3>" > /usr/local/tengine/html/test.doc
# echo "<h3>html file</h3>" > /usr/local/tengine/html/test.html
3、重載服務:# nginx -t # nginx -s reload # ss -tunlp | grep :80
4、訪問測試頁:
http://192.168.1.222/test.txt
http://192.168.1.222/test.doc
http://192.168.1.222/test.html
八、root和alias(路徑別名):
1、在server{}配置段中新增如下location:
server {
listen 80;
server_name localhost;
index index.html index.htm;
location /bbs {
root /vhosts/bbs;
}
location /blog {
alias /vhosts/blog;
}
}
2、創建測試頁:
# mkdir -pv /vhosts/bbs/bbs
# mkdir -pv /vhosts/blog
# echo "<h3>root --> /vhosts/bbs/bbs/index.html</h3>" > /vhosts/bbs/bbs/index.html
# echo "<h3>alias --> /vhosts/blog/index.html</h3>" > /vhosts/blog/index.html
3、重載服務:# nginx -t # nginx -s reload # ss -tunlp | grep :80
4、訪問測試頁:
http://192.168.1.222/bbs
http://192.168.1.222/blog
CentOS 7.4 Tengine安裝配置詳解(二)