web集群之Ngnix相关配置
作者:互联网
1. 源码安装nginx,并提供服务脚本。
1)、下载
[root@localhost ~]# wget -c https://repo.huaweicloud.com/nginx/nginx-1.20.0.tar.gz
2)、解压
[root@localhost ~]# tar xf nginx-1.20.0.tar.gz -C /usr/local/src/
[root@localhost ~]# cd /usr/local/src/nginx-1.20.0/
[root@localhost nginx-1.20.0]#
3)、开始安装 Nginx
#创建Ngnux用户
[root@localhost nginx-1.20.0]# useradd nginx -s /sbin/nologin -M
#安装依赖
[root@localhost nginx-1.20.0]# yum install gcc gcc-c++ make pcre-devel openssl-devel perl-devel perl-ExtUtils-Embed -y
#配置功能
[root@localhost nginx-1.20.0]# ./configure --prefix=/usr/local/nginx \
> --user=nginx --group=nginx \
> --with-threads \
> --with-http_ssl_module \
> --with-http_gzip_static_module \
> --with-http_auth_request_module \
> --with-http_stub_status_module \
> --with-http_perl_module \
> --with-stream \
> --with-pcre
#编译安装
[root@localhost nginx-1.20.0]# make
[root@localhost nginx-1.20.0]# make install
[root@localhost nginx-1.20.0]# ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/n
[root@localhost nginx-1.20.0]# nginx -v
nginx version: nginx/1.20.0
配置服务脚本
[root@localhost ~]# vim /usr/lib/systemd/system/nginx.service
[root@localhost ~]# more /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
修改配置文件指定pid位置
[root@localhost nginx-1.20.0]# vim /usr/local/nginx/conf/nginx.conf
pid /usr/local/nginx/logs/nginx.pid;
启动服务
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl start nginx
测试
配置nginx子配置文件
[root@localhost ~]# cd /usr/local/nginx/
[root@localhost nginx]# mkdir conf.d
user nginx; #指定用户
http {
include /usr/local/nginx/conf.d/*.conf; #在http模块下指定子配置文件位置
重启
[root@localhost nginx]# systemctl restart nginx
2. 配置基于域名的虚拟主机。
通过子配置文件的方式配置
1)、配置测试界面
[root@localhost ~]# cd /usr/local/nginx/conf.d
[root@localhost conf.d]# cd ../html/
[root@localhost html]# mv index.html {,.bak}
[root@localhost html]# vim index.html
[root@localhost html]# more index.html
<html>
<meta charset="utf-8">
<head>
<title>TEST Site</title>
</head>
<body>
测试页面
<table border=1>
<tr> <td>01</td> <td>云计算 </td> </tr>
<tr> <td>02</td> <td>大数据</td> </tr>
<tr> <td>03</td> <td>人工智</td> </tr>
</table>
<body>
</html>
2)、配置虚拟主机
[root@localhost ~]# cd /usr/local/nginx/conf.d/
[root@localhost conf.d]# vim vhost.conf
[root@localhost conf.d]# vim vhost.conf
server {
listen 80;
server_name web1.test.com;
location / {
root /data/web1/html;
index index.html index.html;
}
}
server {
listen 80;
server_name web2.test.com;
location / {
root /data/web2/html;
index index.html index.html;
}
}
[root@localhost conf.d]# mkdir /data/web{1,2}/html -p
[root@localhost conf.d]# echo "web1 test page " > /data/web1/html/index.html
[root@localhost conf.d]# echo "web2 test page " > /data/web2/html/index.html
[root@localhost conf.d]# vim /etc/hosts
192.168.159.133 web1.test.com web2.test.com
[root@localhost conf.d]# systemctl restart nginx
测试:
[root@localhost conf.d]# curl web1.test.com
web1 test page
[root@localhost conf.d]# curl web2.test.com
web2 test page
3. 配置nginx基于用户和地址的访问控制。
1)、基于地址的访问控制
[root@localhost ~]# vim /usr/local/nginx/conf.d/vhost.conf
server {
listen 80;
server_name web1.test.com;
location / {
root /data/web1/html;
index index.html index.html;
autoindex on;
if (!-f $request_filename) {
rewrite /.* /err.html permanent;
}
deny 192.168.159.136; //拒绝该地址
allow 192.168.159.0/24; //允许改网段
}
}
在地址为192.168.159.136端测试:
[root@rs1 ~]# curl http://192.168.159.133/forum/index.html
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.20.0</center>
</body>
</html>
2)、基于用户的访问控制
auth_basic 指令包含一个具有测试用户名和密码的 HTTP 基本认证,指定的参数将用于认证域。如果将值设置为 “off” 则忽略下级指令继承的动作。 auth_basic_user_file 指令为验证域指定了密码文件, 0.6.7 版本以后这里指定的文件是 nginx.conf 所在目录的相对路径,而不 是 –prefix 指定的路径。
配置认证
server {
listen 80;
server_name web1.test.com;
location / {
root /data/web1/html;
index index.html index.html;
autoindex on;
if (!-f $request_filename) {
rewrite /.* /err.html permanent;
}
allow 192.168.159.0/24;
auth_basic "Restricted";
auth_basic_user_file /data/web1/webpass;
}
}
下载httpd-tools
[root@localhost ~]# yum install httpd-tools -y
创建账号密码, 此账号密码就是用户访问网站时需要输入的
[root@localhost ~]# htpasswd -c -m /data/web1/webpass tom
New password:
Re-type new password:
Adding password for user tom
重启服务
[root@localhost html]# systemctl restart nginx
测试
4. 配置nginx rewrite,要求如果访问不存在的任意网页都重定向到错误页面,错误页面内容自行定义。
[root@localhost ~]# cd /usr/local/nginx/html/
[root@localhost html]# vim err.html
this page is non-existent
[root@localhost html]# vim /usr/local/nginx/conf.d/vhost.conf
server {
listen 80;
server_name web1.test.com;
location / {
root /data/web1/html;
index index.html index.html;
autoindex on;
if (!-f $request_filename) {
rewrite /.* /err.html permanent;
}
}
}
[root@localhost html]# systemctl restart nginx
标签:web,index,Ngnix,nginx,html,集群,conf,root,localhost 来源: https://blog.csdn.net/qq_46839776/article/details/122482130