Linux中nginx配置
阿新 • • 發佈:2018-08-31
ffffff mas 私有 ces install root .cn *** 配置 6.10訪問控制
用於location段
allow:設定允許哪臺或那些主機訪問,多個參數間用空格隔開
deny:設定禁止哪臺或那些主機訪問,多個參數間用空格隔開
實例:
//允許這個IP訪問
//添加以下模塊
location / {
root html;
index index.html index.htm;
allow 192.168.209.1;
deny all;
}
//禁止這個IP訪問 location / { root html; index index.html index.htm; deny 192.168.209.1; allow all; }
6.11 基於用戶認證
[root@lanzhiyong ~]# mkdir /usr/local/nginx/auth [root@lanzhiyong ~]# yum provides *bin/htpasswd [root@lanzhiyong ~]# yum install -y httpd-tools [root@lanzhiyong ~]# htpasswd -c -m /usr/local/nginx/auth/.user_auth_file lan New password: //設置密碼 Re-type new password: Adding password for user lan [root@lanzhiyong ~]# cat /usr/local/nginx/auth/.user_auth_file lan:$apr1$4vbJXU8y$zpEH2Jf5syQhaN7GBrAlO0 [root@lanzhiyong ~]# vim /usr/local/nginx/conf/nginx.conf //添加以下模塊 location / { root html; index index.html index.htm; auth_basic "I Love china"; auth_basic_user_file ../auth/.user_auth_file; }
6.12 https配置
生成私鑰,生成證書簽署請求並獲得證書,然後在nginx.conf中配置如下內容: openssl實現私有CA: CA的配置文件:/etc/pki/tls/openssl.cnf ①CA生成一對密鑰 [root@lanzhiyong ~]# cd /etc/pki/CA/ [root@lanzhiyong CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) #生成秘鑰 [root@lanzhiyong CA]# openssl rsa -in private/cakey.pem -pubout #提取公鑰 ②CA生成自簽署證書 [root@lanzhiyong CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 #生成自簽署證 [root@lanzhiyong CA]# openssl x509 -text -in cacert.pem #讀出cacert.pem證書的內容 [root@lanzhiyong CA]# mkdir certs newcerts crl [root@lanzhiyong CA]# touch index.txt && echo 01 > serial ③客戶端(例如httpd服務器)生成秘鑰 [root@lanzhiyong nginx]# mkdir ssl [root@lanzhiyong nginx]# cd ssl/ [root@lanzhiyong ssl]# (umask 077;openssl genrsa -out nginx.key 2048) [root@lanzhiyong ssl]# ls nginx.key ④客戶端生成證書簽署請求 [root@lanzhiyong ssl]# openssl req -new -key nginx.key -days 365 -out nginx.csr [root@lanzhiyong ssl]# ls nginx.csr nginx.key #公鑰私鑰 ⑤客戶端把證書簽署請求文件發送給CA scp httpd.csr root@CA端IP:/root ⑥CA簽署客戶端提交上來的證書 [root@lanzhiyong ssl]# openssl ca -in ./nginx.csr -out nginx.crt -days 365 [root@lanzhiyong ssl]# ls nginx.crt nginx.csr nginx.key ⑦CA把簽署好的證書httpd.crt發給客戶端 scp httpd.crt root@客戶端IP:/etc/httpd/ssl/
8.6.13開啟狀態界面
[root@lanzhiyong conf]# vim nginx.conf
//添加以下模塊
location /status {
stub_status on;
allow 192.168.209.1;
deny all;
}
6.14 rewrite(模塊的作用是用來執行url重定向)
語法: rewrite regex replacement flag; 如: rewrite ^/images/(.*\.jpeg)$ /imgs/$1 break;
此處的$1用於引用(.*.jpeg)匹配到的內容,又如: rewrite ^/bbs/(.*)$ http://www.baidu.com/index.html redirect
[root@lanzhiyong ~]# cd /usr/local/nginx/html
[root@lanzhiyong html]# mkdir images
[root@lanzhiyong html]# cd images/
[root@lanzhiyong images]# ls
timg.jpeg #此處添加一張圖片
[root@lanzhiyong conf]# vim nginx.conf
//添加以下模塊
location /images {
root html;
index index.html;
}
[root@lanzhiyong conf]# nginx -t
[root@lanzhiyong conf]# nginx -s reload
語法: rewrite regex replacement flag; 如: rewrite ^/images/(.*\.jpeg)$ /imgs/$1 break;
********重命令images改為imgs,客戶訪問以前怎麽訪問的現在還是怎麽訪問的,重定向url**************
[root@lanzhiyong nginx]# cd html/
[root@lanzhiyong html]# mv images imgs
[root@lanzhiyong html]# ls
50x.html imgs index.html
[root@lanzhiyong conf]# vim nginx.conf
//添加一下模塊
location /images {
root html;
index index.html;
rewrite ^/images/(.*\.jpeg)$ /imgs/$1 break;
}
[root@lanzhiyong conf]# nginx -t
[root@lanzhiyong conf]# nginx -s reload
此處的$1用於引用(.*.jpeg)匹配到的內容,又如: rewrite ^/bbs/(.*)$ http://www.baidu.com/index.html redirect;
[root@lanzhiyong conf]# vim nginx.conf
//添加以下模塊
location /images {
root html;
index index.html;
rewrite ^/images/(.*\.jpeg)$ http://www.baidu.com redirect;
}
[root@lanzhiyong conf]# nginx -t
[root@lanzhiyong conf]# nginx -s reload
Linux中nginx配置