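Network Security Systems: Website Services
1) Introduction to website service concepts
Website service:
①: Before the browser can display a page
②: It sends a request to the service over the Internet (HTTP request, HTTP response)
③: The website service replies with a status code (200 means OK)
④: The service looks the data up in its storage directory (site directory www)
A website service is a communication service that exchanges data with client browsers.
Website service port: 80
How a website service handles requests:
Method 1: static handling; fast response
The client browser receives exactly the data it requested
Method 2: dynamic handling; more complete data responses
The data the client browser requested is processed in some way first, and then the response is sent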
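2) Deploying a website service (static)
nginx (static *), apache
Ways to install software on Linux:
Method 1: install with yum (apt-get)
Characteristics:
1) Requires an Internet connection
2) Downloads and installs the software
3) Resolves software dependencies
yum install -y vim telnet
yum reinstall -y vim telnet
yum remove/erase vim telnet          use with caution (removes the packages)
yum search/provides <command or file>          find the package name / check whether a package exists
nginx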
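Method 2: install with rpm
Characteristics:
1) Cannot resolve dependencies
2) Does not need an Internet connection
Step 1: download the software package
Step 2: copy the downloaded package onto the system
rz -y --- select the data to upload (upload)
sz -y oldboy.txt --- select the data to save locally (download)
Step 3: install the software
rpm -ivh package.rpm
i --- install the specified package
v --- show the installation process
h --- display the progress in a human-readable form (hash marks)
Verify:
[root@test-201 ~]# rpm -qa // check whether a package is installed
[root@test-201 ~]# rpm -ql // list the files that an installed package deployed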
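Method 3: compile and install from source
Characteristics:
1) Cannot resolve dependencies
2) Does not need an Internet connection
3) Allows a customized installation ***
Step 1: download the source package (archive) and extract it
Step 2: change into the extracted source directory
Step 3: configure the build: enable features / specify the installation directory
Step 4: compile (translate the source code into a form the system can execute)
Step 5: install the compiled program
nginx
Method 4: install from a binary package (portable, no-install software)
Characteristics:
1) Easy to install and deploy
2) Cannot resolve dependencies
3) Does not need an Internet connection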
[root@test-201 ~]# ll
total 22216
-rw-------. 1 root root 1574 May 16 2019 anaconda-ks.cfg
-rw-rw-r-- 1 500 500 1048576 Aug 19 21:57 cache.db
-rwxrwxr-x 1 500 500 10860100 Aug 19 21:57 hm
-rw-r--r-- 1 root root 10823663 Sep 27 17:28 hm-linux-amd64.tgz
-rw-r--r-- 1 root root 10 Sep 27 17:04 oldboy.txt
---------- 1 root root 0 Sep 25 19:10 test.txt
-rw-r--r-- 1 root root 3 Sep 27 17:02 新建文本文档.rpm
[root@test-201 ~]# mkdir hm_dir
[root@test-201 ~]# mv hm cache.db hm_dir/
[root@test-201 ~]# ll
total 10584
-rw-------. 1 root root 1574 May 16 2019 anaconda-ks.cfg
drwxr-xr-x 2 root root 32 Sep 27 17:36 hm_dir
-rw-r--r-- 1 root root 10823663 Sep 27 17:28 hm-linux-amd64.tgz
-rw-r--r-- 1 root root 10 Sep 27 17:04 oldboy.txt
---------- 1 root root 0 Sep 25 19:10 test.txt
-rw-r--r-- 1 root root 3 Sep 27 17:02 新建文本文档.rpm
[root@test-201 ~]# cd hm_dir/
[root@test-201 ~/hm_dir]# ll
total 11632
-rw-rw-r-- 1 500 500 1048576 Aug 19 21:57 cache.db
-rwxrwxr-x 1 500 500 10860100 Aug 19 21:57 hm
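[root@test-201 ~/hm_dir]# ./hm xxxxxx //use hm to scan for and remove malware
Example:
[root@test-201 ~/hm_dir]# ./hm scan /tmp/ //use hm to scan the /tmp directory for malware (when online, it can update its signature database)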
{1.8.2 hm#linux-amd64.24fbb40}
__
| |--.-----.--------.---.-.
| | -__| | _ |
|__|__|_____|__|__|__|___._|
http://www.shellpub.com
[*] 扫描预处理 2020-09-27 17:41:18
[*] 开始扫描 2020-09-27 17:41:18
|----------| 0/1 0% [elapsed: 1.038984ms left: 0s, 0.00 iters/sec]
+------+----------+------+
| 类型 | 深度查杀 | 数量 |
+------+----------+------+
| 后门 | 0 | 0 |
| 疑似 | 0 | 0 |
+------+----------+------+
| 总计 | 0 |
+------+----------+------+
[*] 恭喜!没有发现网站后门, 请您继续保持!
|##########| 1/1 100% [elapsed: 1.001727351s left: 0s, 1.00 iters/sec]
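* If malware is found, the newly generated report is displayed.
2) The nginx program:
Method 1: install with yum
yum install -y nginx (the simplest way, strongly recommended!!!)
①: First switch the CentOS base repo (check your version) and the EPEL repo to a mirror (yum repo path: /etc/yum.repos.d/; the repo files can be found here afterwards)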
[root@test-201 ~]#curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@test-201 ~]#curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
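②: yum install -y nginx
[root@test-201 ~]#yum install -y nginx
Done
* Since I used the first method, the second method is demonstrated with screenshots.
Method 2: compile and install from source
Step 1: download the source package
wget http://nginx.org/download/nginx-1.18.0.tar.gz
[root@test-201 ~]#wget http://nginx.org/download/nginx-1.18.0.tar.gz
Step 2: resolve the software dependencies
yum install -y pcre-devel openssl-devel
[root@test-201 ~]#yum install -y pcre-devel openssl-devel
Step 3: extract the source and configure the build
tar xf nginx-1.18.0.tar.gz
cd nginx-1.18.0
useradd -M -s /sbin/nologin nginx (create the user if it does not exist)
./configure
--prefix=PATH --- directory the program is installed into
--user=USER --- (virtual) user that runs the service processes
--with-http_ssl_module --- enables HTTPS access
--with-http_stub_status_module --- enables nginx service status monitoring
Step 4: compile
make
Step 5: install
make install
Start the service and test it:
Method 1: start the yum-installed service
systemctl start nginx
Method 2: a compiled installation is started with the binary itself
/app/nginx/sbin/nginx --- start the program
Troubleshooting when the page cannot be reached after the service has started:
1) Check that the service is running
2) Check the network configuration of the service
ping 10.0.0.100
telnet 10.0.0.100 80
3) Test the page from the command line
curl -I 10.0.0.100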
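3) Website service directory layout:
a) Configuration directories
/etc/nginx nginx.conf conf.d/xxx.conf --- configuration directory of a yum installation
/app/nginx/conf/ nginx.conf --- configuration directory of a compiled installation
b) Site directory (images, audio, video, code files)
/usr/share/nginx/html/ --- default site directory
c) Log directory
/var/log/nginx --- program log files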
4) Website service configuration:
Main configuration file:
nginx.conf
user nginx; --- user the nginx worker processes run as
=======================================================================================
# ps -ef|grep nginx
root 27435 1 0 10:49 ? 00:00:00 nginx: master process /usr/sbin/nginx
nginx 27436 27435 0 10:49 ? 00:00:00 nginx: worker process
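master --- the boss (legal representative) === main service process; controls the running state of the service
worker --- the company's employees === worker processes; handle the website's tasks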
=======================================================================================
worker_processes auto; --- how many worker processes may run
=======================================================================================
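The number of worker processes is set according to the server hardware:
number of worker processes == total number of CPU cores on the server == parallel processing capacity
(analogy: teachers and classrooms)
error_log /var/log/nginx/error.log; --- path of the error log file
pid /run/nginx.pid; --- path of the PID file
used to determine whether the service is running or stopped
include /usr/share/nginx/modules/*.conf; --- load additional configuration files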
events {
worker_connections 1024; --- connections each worker process can carry; total connections = number of worker processes * connections per process
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
--- defines the access log format
access_log /var/log/nginx/access.log main;
--- defines where the access log is saved
keepalive_timeout 65; --- timeout for TCP persistent (keep-alive) connections
=====================================================================
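TCP persistent connection: one connection carries multiple requests; when the link goes idle a countdown timer starts, which keeps link utilization high
TCP short connection: one connection carries a single request; lower communication efficiency / saves connection resources
include /etc/nginx/mime.types; --- loads a special file: the media (MIME) type file
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf; --- loads additional configuration files, one per website
www.conf
bbs.conf
blog.conf
51cto.com
www.51cto.com official site; promotions
bbs.51cto.com forum; technical discussion
blog.51cto.com blog; technical articles
edu.51cto.com video site; technical courses
}
Additional configuration files:
conf.d/xxx.conf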
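5) Website service configuration files:
bbs.conf file:
server {
listen 80; # port the service listens on, used to receive user requests
server_name bbs.oldboy.com; # domain name of the website
root /html/bbs; # site directory
index index.html; # index file, loaded by default
}
blog.conf file:
server {
listen 80; # port the service listens on, used to receive user requests
server_name blog.oldboy.com; # domain name of the website
root /html/blog; # site directory
index index.html; # index file, loaded by default
}
www.conf file:
server {
listen 80; # port the service listens on, used to receive user requests
server_name www.oldboy.com; # domain name of the website
root /html/www; # site directory
index index.html; # index file, loaded by default
}
Demonstration: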
[root@test-201 ~]# cd /etc/nginx/conf.d/
[root@test-201 /etc/nginx/conf.d]# ll
total 0
[root@test-201 /etc/nginx/conf.d]# vim www.conf
[root@test-201 /etc/nginx/conf.d]# vim bbs.conf
[root@test-201 /etc/nginx/conf.d]# vim blog.conf
[root@test-201 /etc/nginx/conf.d]# ll
total 12
-rw-r--r-- 1 root root 359 Sep 28 09:54 bbs.conf
-rw-r--r-- 1 root root 392 Sep 28 09:55 blog.conf
-rw-r--r-- 1 root root 371 Sep 28 09:53 www.conf
[root@test-201 /etc/nginx]# ls /html
[root@test-201 /etc/nginx]# cd /html
[root@test-201 /html]# ll
total 0
[root@test-201 /html]# mkd
mkdict mkdir mkdosfs mkdumprd
[root@test-201 /html]# mkdir bbs www blog
[root@test-201 /html]# ls
bbs blog www
[root@test-201 /html]# vim www
[root@test-201 /html]# vim /html/www
[root@test-201 /html]# vi /html/www
[root@test-201 /html]# cd /html/www
[root@test-201 /html/www]# vim index.html
[root@test-201 /html/www]# cd /html/bbs
[root@test-201 /html/bbs]# vim index.html
[root@test-201 /html/bbs]# cd /html/blog/
[root@test-201 /html/blog]# vim index.html
[root@test-201 /html/blog]# systemctl restart nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
[root@test-201 /html/blog]# systemctl start nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
[root@test-201 /html/blog]# nginx -t
nginx: [emerg] unknown directive "bbs.conf" in /etc/nginx/conf.d/bbs.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed
[root@test-201 /html/blog]# cd /etc/nginx/conf.d/
[root@test-201 /etc/nginx/conf.d]# systemctl start nginx
[root@test-201 /etc/nginx/conf.d]# cat *.conf
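server {
listen 80; # port the service listens on, used to receive user requests
server_name bbs.oldboy.com; # domain name of the website
root /html/bbs; # site directory
index index.html; # index file, loaded by default
}
server {
listen 80; # port the service listens on, used to receive user requests
server_name blog.oldboy.com; # domain name of the website
root /html/blog; # site directory
index index.html; # index file, loaded by default
}
server {
listen 80; # port the service listens on, used to receive user requests
server_name www.oldboy.com; # domain name of the website
root /html/www; # site directory
index index.html; # index file, loaded by default
}
Edit the hosts file on the client host:
Result: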
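6) Website service in enterprise use:
· Publishing static code
Three steps
Step 1: obtain the static code
Get open-source code from sites such as github / https://gitee.com/
(or your own code package)
Step 2: extract the archive
unzip <code package>
[root@test-201 /html/www]# unzip h5game.zip
Step 3: test access
Configure DNS (already set up here; the host can reach the Internet)
· Implementing shared data storage
Step 1: create a shared directory to hold the shared data
mkdir /html/share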
echo 网站使用说明 >readme
Step 2: write the configuration for the share site
server {
listen 80;
server_name share.oldboy.com;
root /html/share;
autoindex on;
}
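In the main configuration file nginx.conf:
include /etc/nginx/mime.types; --- media (MIME) type file, used to identify the resource a user requests
default_type application/octet-stream; --- unknown file types are identified as application/octet-stream by default
Files identified as octet-stream are downloaded directly
Demonstration: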
[root@test-201 /html]# mkdir share
[root@test-201 /html]# ll
total 0
drwxr-xr-x 2 root root 24 Sep 28 11:28 bbs
drwxr-xr-x 2 root root 24 Sep 28 11:28 blog
drwxr-xr-x 2 root root 6 Sep 28 15:49 share
drwxr-xr-x 6 root root 109 Sep 28 15:36 www
[root@test-201 /html]# cd /share
[root@test-201 /share]# cd /html/share
[root@test-201 /html/share]# cd /share
[root@test-201 /share]# ls
oldboy_share.txt
[root@test-201 /share]# cd /html/share
[root@test-201 /html/share]# echo 网站使用说明 >readme
[root@test-201 /html/share]# ll
total 4
-rw-r--r-- 1 root root 19 Sep 28 15:51 readme
[root@test-201 /html/share]# cd /etc/nginx/conf.d/
[root@test-201 /etc/nginx/conf.d]# ll
total 12
-rw-r--r-- 1 root root 349 Sep 28 11:31 bbs.conf
-rw-r--r-- 1 root root 374 Sep 28 11:32 blog.conf
-rw-r--r-- 1 root root 371 Sep 28 09:53 www.conf
[root@test-201 /etc/nginx/conf.d]# cp bbs.conf share.conf
[root@test-201 /etc/nginx/conf.d]# vim share.conf
[root@test-201 /etc/nginx/conf.d]# systemctl restart nginx
[root@test-201 /etc/nginx/conf.d]# cat share.conf
server {
listen 80;
server_name share.oldboy.com;
root /html/share;
index index.html;
autoindex on;
}
[root@test-201 /etc/nginx/conf.d]# cd /html/share/
[root@test-201 /html/share]# echo oldboy123 >oldboy.txt
[root@test-201 /html/share]# fil
file filefrag filterdiff
[root@test-201 /html/share]# file oldboy.txt
oldboy.txt: ASCII text
[root@test-201 /html/share]# file readme
readme: UTF-8 Unicode text
[root@test-201 /html/share]# cat /etc/nginx/conf.d/
cat: /etc/nginx/conf.d/: Is a directory
[root@test-201 /html/share]# cat /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
# server {
# listen 80 default_server;
# listen [::]:80 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
[root@test-201 /html/share]# cat /etc/nginx/mime.types
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
[root@test-201 /html/share]# grep txt /etc/nginx/mime.types
text/plain txt;
[root@test-201 /html/share]# grep octet-stream /etc/nginx/mime.types
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
[root@test-201 /html/share]#
[root@test-201 /html/share]#
The hosts file on the client host must be edited here as well:
Result:
Putting it all together:
[root@test-201 /html/share]# vi /etc/nginx/conf.d/share.conf
[root@test-201 /html/share]# systemctl restart nginx
[root@test-201 /html/share]# vi /etc/nginx/conf.d/share.conf
[root@test-201 /html/share]# systemctl start nginx
[root@test-201 /html/share]# pwd
/html/share
[root@test-201 /html/share]# touch 老男孩.txt
[root@test-201 /html/share]# ll
total 8
-rw-r--r-- 1 root root 10 Sep 28 16:02 oldboy.txt
-rw-r--r-- 1 root root 19 Sep 28 15:51 readme.txt
-rw-r--r-- 1 root root 0 Sep 28 16:39 老男孩.txt
[root@test-201 /html/share]# mkdir 免费资源
[root@test-201 /html/share]# mkdir 收费资源vip
[root@test-201 /html/share]# mkdir 古装大剧
[root@test-201 /html/share]# mkdir 现代都市
[root@test-201 /html/share]# ll
total 8
-rw-r--r-- 1 root root 10 Sep 28 16:02 oldboy.txt
-rw-r--r-- 1 root root 19 Sep 28 15:51 readme.txt
drwxr-xr-x 2 root root 6 Sep 28 16:42 免费资源
drwxr-xr-x 2 root root 6 Sep 28 16:43 古装大剧
drwxr-xr-x 2 root root 6 Sep 28 16:43 收费资源vip
drwxr-xr-x 2 root root 6 Sep 28 16:44 现代都市
-rw-r--r-- 1 root root 0 Sep 28 16:39 老男孩.txt
[root@test-201 /html/share]# mv 老男孩.txt 免费资源/
[root@test-201 /html/share]#
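Configuration file contexts:
main context: settings that tune how the service runs
events context: parameters that tune how the service runs
http context: directives that configure website functionality
server context: directives for individual websites
location context: configuration for individual pages
website service ---> individual websites ---> individual pages
7) Securing access to the website
1) Access control based on the client address
Step 1: write the access control policy in the configuration file
Local Windows host 10.0.0.1 --- may access the internal resources (内部资源)
Local Windows host 10.0.0.2 --- is denied access to the internal resources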
server {
listen 80;
server_name share.oldboy.com;
root /html/share;
autoindex on;
charset utf-8;
location /内部资源/ {
allow 10.0.0.1;
deny all;
}
}
Step 2: test access
A denied request shows a 403 error status code
Demonstration:
[root@test-201 /html/share]# mkdir 内部资源;
[root@test-201 /html/share]# echo 123456 >内部资源/公司未来发展计划.doc
[root@test-201 /html/share]# vi /etc/nginx/conf.d/share.conf
[root@test-201 /html/share]# systemctl start nginx
[root@test-201 /html/share]# cat /etc/nginx/conf.d/share.conf
server {
listen 80;
server_name share.oldboy.com;
root /html/share;
index index.html;
autoindex on;
charset utf-8;
location /内部资源/{
allow 10.0.0.1;
deny all;
}
}
[root@test-201 /html/share]# systemctl restart nginx
2) Access control based on user login:
Step 1: write the configuration file
server {
listen 80;
server_name share.oldboy.com;
root /html/share;
autoindex on;
charset utf-8;
location /内部资源/ {
allow 10.0.0.1;
deny all;
}
location /收费资源vip/ {
auth_basic "高管登录认证"; # enable authentication
auth_basic_user_file /etc/nginx/password.txt; # load a user/password file
}
}
Step 2: generate the password file
oldboy123 --- stored on the server side (database) as ciphertext, e.g. xxxausdtiasdtuiasd
yum install -y httpd-tools
htpasswd -c /etc/nginx/password.txt oldboy --- set the user's hashed password
Step 3: test authenticated access
Demonstration:
[root@test-201 /html/share]# vi /etc/nginx/conf.d/share.conf
[root@test-201 /html/share]# cat /etc/nginx/conf.d/share.conf
server {
listen 80;
server_name share.oldboy.com;
root /html/share;
autoindex on;
charset utf-8;
location /内部资源/{
allow 10.0.0.1;
deny all;
}
location /收费资源vip/{
auth_basic "高管登录认证"; # enable authentication
auth_basic_user_file /etc/nginx/password.txt; # load a user/password file
}
}
[root@test-201 /html/share]# systemctl restart nginx
[root@test-201 /html/share]# cd
[root@test-201 ~]# yum install -y httpd-tools
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/2): epel/x86_64/updateinfo | 1.0 MB 00:00:02
(2/2): epel/x86_64/primary_db | 6.9 MB 00:00:08
Resolving Dependencies
--> Running transaction check
---> Package httpd-tools.x86_64 0:2.4.6-93.el7.centos will be installed
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================================
Package Arch Version Repository Size
======================================================================================================================
Installing:
httpd-tools x86_64 2.4.6-93.el7.centos base 92 k
Transaction Summary
======================================================================================================================
Install 1 Package
Total download size: 92 k
Installed size: 168 k
Downloading packages:
httpd-tools-2.4.6-93.el7.centos.x86_64.rpm | 92 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : httpd-tools-2.4.6-93.el7.centos.x86_64 1/1
Verifying : httpd-tools-2.4.6-93.el7.centos.x86_64 1/1
Installed:
httpd-tools.x86_64 0:2.4.6-93.el7.centos
Complete!
[root@test-201 ~]# htpasswd
[root@test-201 ~]# vi /etc/nginx/conf.d/share.conf
[root@test-201 ~]# cat /etc/nginx/conf.d/share.conf
server {
listen 80;
server_name share.oldboy.com;
root /html/share;
autoindex on;
charset utf-8;
location /内部资源/{
allow 10.0.0.1;
deny all;
}
location /收费资源vip/{
auth_basic "高管登录认证"; # enable authentication
auth_basic_user_file /etc/nginx/password.txt; # load a user/password file
}
}
[root@test-201 ~]# htpasswd -c /etc/nginx/password.txt oldboy
New password:
Re-type new password:
Adding password for user oldboy
[root@test-201 ~]# cat /etc/nginx/password.txt
oldboy:$apr1$0neupPyZ$k9TFasIX2bjRAK3vnPdkP.
[root@test-201 ~]# htpasswd /etc/nginx/password.txt oldgirl
New password:
Re-type new password:
htpasswd: password verification error
[root@test-201 ~]# htpasswd /etc/nginx/password.txt oldgirl
New password:
Re-type new password:
Adding password for user oldgirl
[root@test-201 ~]# cat /etc/nginx/password.txt
oldboy:$apr1$0neupPyZ$k9TFasIX2bjRAK3vnPdkP.
oldgirl:$apr1$pzNxeJGL$zZmEvRLl1rVSD6osUWr1N0
[root@test-201 ~]# htpasswd /etc/nginx/password.txt oldbaby
New password:
Re-type new password:
Adding password for user oldbaby
[root@test-201 ~]# cat /etc/nginx/password.txt
oldboy:$apr1$0neupPyZ$k9TFasIX2bjRAK3vnPdkP.
oldgirl:$apr1$pzNxeJGL$zZmEvRLl1rVSD6osUWr1N0
oldbaby:$apr1$GS.V.QuR$h02QKO.qB.ATPfHVYcYBf1
# All three users have the same password, but the stored hashes differ
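The hashes differ because every `$apr1$` entry carries its own random salt, which is mixed into the hash and reused at login to re-check the password. The Python code below is an added example, not part of the original page or of httpd-tools: it re-implements the apr1 (Apache MD5-crypt) scheme, reads the salts from the three entries shown above, and uses a constructed demo password because the page does not state the real one.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# The three entries shown in /etc/nginx/password.txt above.
PAGE_ENTRIES = [
    "oldboy:$apr1$0neupPyZ$k9TFasIX2bjRAK3vnPdkP.",
    "oldgirl:$apr1$pzNxeJGL$zZmEvRLl1rVSD6osUWr1N0",
    "oldbaby:$apr1$GS.V.QuR$h02QKO.qB.ATPfHVYcYBf1",
]


def _to64(value, count):
    """Encode `count` 6-bit groups of `value`, least significant first."""
    out = ""
    for _ in range(count):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out


def apr1_hash(password, salt):
    """Return the $apr1$ string for a password and an 8-character salt."""
    pw, sl = password.encode("utf-8"), salt.encode("ascii")[:8]
    alt = hashlib.md5(pw + sl + pw).digest()
    ctx = pw + b"$apr1$" + sl
    remaining = len(pw)
    while remaining > 0:                      # one alt-digest byte per pw byte
        ctx += alt[:min(16, remaining)]
        remaining -= 16
    n = len(pw)
    while n:                                  # length bits pick NUL or pw[0]
        ctx += b"\x00" if n & 1 else pw[:1]
        n >>= 1
    digest = hashlib.md5(ctx).digest()
    for i in range(1000):                     # fixed 1000 stretching rounds
        block = pw if i & 1 else digest
        if i % 3:
            block += sl
        if i % 7:
            block += pw
        block += digest if i & 1 else pw
        digest = hashlib.md5(block).digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64((digest[a] << 16) | (digest[b] << 8) | digest[c], 4)
    out += _to64(digest[11], 2)
    return "$apr1$" + sl.decode("ascii") + "$" + out


def parse_entry(line):
    """Split 'user:$apr1$salt$hash' into (user, salt, stored_string)."""
    user, stored = line.strip().split(":", 1)
    _, scheme, salt, _digest = stored.split("$")
    if scheme != "apr1":
        raise ValueError("not an apr1 entry: " + user)
    return user, salt, stored


def verify(password, line):
    """Re-hash the candidate with the stored salt; compare in constant time."""
    _user, salt, stored = parse_entry(line)
    return hmac.compare_digest(apr1_hash(password, salt), stored)


def salts(entries):
    return [parse_entry(entry)[1] for entry in entries]


if __name__ == "__main__":
    for s in salts(PAGE_ENTRIES):  # same constructed password, three salts
        print(s, apr1_hash("constructed-demo-password", s))
```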
Monitoring website service status (DoS, DDoS) www.oldboyedu.com
Step 1: enable the status monitoring page
server {
listen 80;
server_name www.oldboy.com;
root /html/www;
index index.html;
location /status/ {
stub_status; # enable the monitoring page
}
}
Demonstration:
[root@test-201 /html/share/收费资源vip]# cd /etc/nginx/conf.d/
[root@test-201 /etc/nginx/conf.d]# ll
total 16
-rw-r--r-- 1 root root 349 Sep 28 11:31 bbs.conf
-rw-r--r-- 1 root root 374 Sep 28 11:32 blog.conf
-rw-r--r-- 1 root root 539 Sep 28 18:48 share.conf
-rw-r--r-- 1 root root 371 Sep 28 09:53 www.conf
[root@test-201 /etc/nginx/conf.d]# vim www.conf
[root@test-201 /etc/nginx/conf.d]# cat www.conf
server {
listen 80; # port the service listens on, used to receive user requests
server_name www.oldboy.com; # domain name of the website
root /html/www; # site directory
index index.html; # index file, loaded by default
location /status/{
stub_status; # enable the monitoring page
}
}
[root@test-201 /etc/nginx/conf.d]# systemctl restart nginx
Values shown on the monitoring page:
Active connections: 1
server accepts handled requests
3 3 11
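Reading: 0 Writing: 1 Waiting: 1          (HTTP packets / responses / queueing; can be ignored)
Active connections: number of currently active connections, i.e. concurrent connections ******
accepts: total number of connections accepted
handled: total number of connections handled
PS: normally accepts == handled
If the server can hold at most 1000 connections and 2000 connections are requested, then accepts > handled (by 1000)
requests: total number of requests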
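The rules above turned into a check, as an added Python example that is not part of the original page: it parses two scrapes of the stub_status page, reports connections that were accepted but not handled, and compares active connections with worker_processes * worker_connections. The second scrape, worker_processes=1 and the 80% warning ratio are constructed assumptions.

```python
import re

FIELDS = ("active", "accepts", "handled", "requests",
          "reading", "writing", "waiting")
STUB_RE = re.compile(
    r"Active connections:\s*(\d+)\s+"
    r"server accepts handled requests\s+(\d+)\s+(\d+)\s+(\d+)\s+"
    r"Reading:\s*(\d+)\s+Writing:\s*(\d+)\s+Waiting:\s*(\d+)"
)

# Status page body as shown on this page.
PAGE_SCRAPE = """Active connections: 1
server accepts handled requests
 3 3 11
Reading: 0 Writing: 1 Waiting: 1
"""

# Constructed later scrape: 2000 more connections arrived, 1000 were dropped.
LATER_SCRAPE = """Active connections: 1000
server accepts handled requests
 2003 1003 4011
Reading: 0 Writing: 600 Waiting: 400
"""


def parse_stub_status(text):
    """Turn the stub_status text into a dict of integer counters."""
    match = STUB_RE.search(text)
    if match is None:
        raise ValueError("not a stub_status page")
    return dict(zip(FIELDS, (int(g) for g in match.groups())))


def assess(prev, cur, worker_processes, worker_connections, warn_ratio=0.8):
    """Compare two scrapes; return (metrics, warnings)."""
    if cur["accepts"] < prev["accepts"]:
        # Counters only grow; a smaller value means nginx was restarted.
        prev = dict.fromkeys(FIELDS, 0)
    capacity = worker_processes * worker_connections
    dropped_before = prev["accepts"] - prev["handled"]
    dropped_now = cur["accepts"] - cur["handled"]
    metrics = {
        "capacity": capacity,
        "new_connections": cur["accepts"] - prev["accepts"],
        "new_requests": cur["requests"] - prev["requests"],
        "dropped": dropped_now - dropped_before,
    }
    warnings = []
    if metrics["dropped"] > 0:
        warnings.append("%d connections accepted but not handled"
                        % metrics["dropped"])
    if cur["active"] >= warn_ratio * capacity:
        warnings.append("active connections %d near capacity %d"
                        % (cur["active"], capacity))
    return metrics, warnings


if __name__ == "__main__":
    previous = parse_stub_status(PAGE_SCRAPE)
    current = parse_stub_status(LATER_SCRAPE)
    # worker_processes=1 is an assumption; the page's nginx.conf uses "auto".
    print(assess(previous, current, 1, 1024))
```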
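8) Website service logs
error.log --- records errors that occur while the service runs or is accessed
access.log --- records information about each visitor's requests
Demonstration: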
[root@test-201 /etc/nginx/conf.d]# tail -f /var/log/nginx/access.log
10.0.0.1 - oldboy [28/Sep/2020:21:00:51 +0800] "GET /%E6%94%B6%E8%B4%B9%E8%B5%84%E6%BA%90vip/ HTTP/1.1" 200 310 "http://share.oldboy.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Edg/85.0.564.63" "-"
10.0.0.1 - - [28/Sep/2020:21:00:53 +0800] "GET / HTTP/1.1" 200 1130 "http://share.oldboy.com/%E6%94%B6%E8%B4%B9%E8%B5%84%E6%BA%90vip/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Edg/85.0.564.63" "-"
10.0.0.1 - - [28/Sep/2020:21:01:20 +0800] "GET / HTTP/1.1" 200 1130 "http://share.oldboy.com/%E6%94%B6%E8%B4%B9%E8%B5%84%E6%BA%90vip/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Edg/85.0.564.63" "-"
10.0.0.1 - oldboy [28/Sep/2020:21:01:22 +0800] "GET /%E6%94%B6%E8%B4%B9%E8%B5%84%E6%BA%90vip/ HTTP/1.1" 200 310 "http://share.oldboy.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Edg/85.0.564.63" "-"
10.0.0.1 - - [28/Sep/2020:21:01:23 +0800] "GET / HTTP/1.1" 200 1130 "http://share.oldboy.com/%E6%94%B6%E8%B4%B9%E8%B5%84%E6%BA%90vip/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Edg/85.0.564.63" "-"
10.0.0.1 - - [28/Sep/2020:21:01:38 +0800] "GET / HTTP/1.1" 200 1130 "http://share.oldboy.com/%E6%94%B6%E8%B4%B9%E8%B5%84%E6%BA%90vip/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Edg/85.0.564.63" "-"
10.0.0.1 - oldboy [28/Sep/2020:21:01:39 +0800] "GET /%E6%94%B6%E8%B4%B9%E8%B5%84%E6%BA%90vip/ HTTP/1.1" 200 310 "http://share.oldboy.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Edg/85.0.564.63" "-"
10.0.0.1 - oldboy [28/Sep/2020:21:01:41 +0800] "GET /%E6%94%B6%E8%B4%B9%E8%B5%84%E6%BA%90vip/%E6%83%8A%E5%96%9C.txt HTTP/1.1" 200 0 "http://share.oldboy.com/%E6%94%B6%E8%B4%B9%E8%B5%84%E6%BA%90vip/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Edg/85.0.564.63" "-"
10.0.0.1 - - [28/Sep/2020:21:01:50 +0800] "GET / HTTP/1.1" 200 1130 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Edg/85.0.564.63" "-"
10.0.0.1 - oldboy [28/Sep/2020:21:01:56 +0800] "GET /%E6%94%B6%E8%B4%B9%E8%B5%84%E6%BA%90vip/ HTTP/1.1" 200 310 "http://share.oldboy.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Edg/85.0.564.63" "-"
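① Client IP address
② Authenticated (logged-in) user
③ Time at which the client accessed the site
④ Request method and requested resource (security-relevant)
⑤ Status code
⑥ Traffic consumed by the request
⑦ The site that referred the visitor to this page
⑧ The client software used to access the site
Log analysis tools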
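The eight fields above map directly onto the log_format main defined in nginx.conf. The Python example below is added here and is not part of the original page: it parses two lines copied from the tail -f output above plus constructed lines (host 10.0.0.2, a curl user agent, 401/403 responses), URL-decodes the request path, and reports repeated denied requests and which authenticated users fetched which resources. The alert threshold of 3 is an assumption.

```python
import re
from collections import Counter
from urllib.parse import quote, unquote

# One named group per variable of the page's log_format "main".
MAIN_RE = re.compile(
    r'(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" '
    r'"(?P<http_x_forwarded_for>[^"]*)"$'
)

UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, "
      "like Gecko) Chrome/85.0.4183.121 Safari/537.36 Edg/85.0.564.63")
VIP = "/%E6%94%B6%E8%B4%B9%E8%B5%84%E6%BA%90vip/"

# Two lines taken from the access.log output shown on this page.
PAGE_LINES = [
    '10.0.0.1 - oldboy [28/Sep/2020:21:01:41 +0800] "GET ' + VIP
    + '%E6%83%8A%E5%96%9C.txt HTTP/1.1" 200 0 "http://share.oldboy.com' + VIP
    + '" "' + UA + '" "-"',
    '10.0.0.1 - - [28/Sep/2020:21:01:50 +0800] "GET / HTTP/1.1" 200 1130 "-" "'
    + UA + '" "-"',
]


def constructed(user, path, status):
    """Build a constructed 'main' format line from host 10.0.0.2."""
    return ('10.0.0.2 - %s [28/Sep/2020:21:05:00 +0800] "GET %s HTTP/1.1" '
            '%d 0 "-" "curl/7.29.0" "-"' % (user, quote(path), status))


# Constructed: three failed logins, one address-based denial, one broken line.
SAMPLE = PAGE_LINES + [constructed("oldboy", "/收费资源vip/", 401)] * 3 + [
    constructed("-", "/内部资源/", 403),
    "truncated line",
]


def parse_line(line):
    """Return a dict of the eight fields, or None if the line does not match."""
    match = MAIN_RE.match(line.strip())
    if match is None:
        return None
    rec = match.groupdict()
    parts = rec["request"].split(" ")
    rec["method"] = parts[0] if len(parts) == 3 else ""
    rec["path"] = unquote(parts[1]) if len(parts) == 3 else ""
    rec["status"] = int(rec["status"])
    rec["body_bytes_sent"] = int(rec["body_bytes_sent"])
    return rec


def summarize(lines, threshold=3):
    """Count 401/403 per (client, status) and list authenticated accesses."""
    denied, auth_access, unparsed = Counter(), set(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
        elif rec["status"] in (401, 403):
            denied[(rec["remote_addr"], rec["status"])] += 1
        elif rec["remote_user"] != "-" and rec["status"] < 400:
            auth_access.add((rec["remote_user"], rec["path"]))
    alerts = sorted(key for key, n in denied.items() if n >= threshold)
    return {"denied": dict(denied), "alerts": alerts,
            "auth_access": sorted(auth_access), "unparsed": unparsed}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```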