nginx调优1

准备两台虚拟机，配好yum源和ip地址，一台为服务端，一台为客户端

使用源码安装nginx软件包

⦁	[root@proxy ~]# yum -y install gcc pcre-devel openssl-devel        //安装依赖包
⦁	[root@proxy ~]# useradd -s /sbin/nologin nginx
⦁	[root@proxy ~]# tar  -xf   nginx-1.10.3.tar.gz
⦁	[root@proxy ~]# cd  nginx-1.10.3
⦁	[root@proxy nginx-1.10.3]# ./configure   \
⦁	> --prefix=/usr/local/nginx   \                //指定安装路径
⦁	> --user=nginx   \                            //指定用户
⦁	> --group=nginx  \                            //指定组
⦁	> --with-http_ssl_module                        //开启SSL加密功能

设置防火墙与SELinux

⦁	[root@proxy ~]# firewall-cmd --set-default-zone=trusted
⦁	[root@proxy ~]# setenforce 

测试首页文件

⦁	[root@client ~]# curl http://192.168.4.5
⦁	<html>
⦁	<head>
⦁	<title>Welcome to nginx!</title>
⦁	</head>
⦁	<body bgcolor="white" text="black">
⦁	<center><h1>Welcome to nginx!</h1></center>
⦁	</body>
⦁	</html>

修改Nginx配置文件

⦁	[root@proxy ~]# vim /usr/local/nginx/conf/nginx.conf
⦁	.. ..
⦁	server {
⦁	        listen       80;
⦁	        server_name  localhost;
⦁	        auth_basic "Input Password:";                        //认证提示符
⦁	        auth_basic_user_file "/usr/local/nginx/pass";        //认证密码文件
⦁	        location / {
⦁	            root   html;
⦁	            index  index.html index.htm;
⦁	        }
⦁	  }

生成密码文件，创建用户及密码

⦁	[root@proxy ~]# htpasswd -c /usr/local/nginx/pass   tom        //创建密码文件
⦁	New password: 
⦁	Re-type new password: 
⦁	Adding password for user tom
⦁	[root@proxy ~]# htpasswd  /usr/local/nginx/pass   jerry      //追加用户，不使用-c选项
⦁	New password: 
⦁	Re-type new password: 
⦁	Adding password for user jerry

重启Nginx服务

root@proxy ~]# /usr/local/nginx/sbin/nginx -s reload    

登录192.168.4.10客户端主机进行测试

⦁	[root@client ~]# firefox http://192.168.4.5

修改配置文件

⦁	[root@proxy ~]# vim /usr/local/nginx/conf/nginx.conf
⦁	.. ..
⦁	server {
⦁	        listen       80;                                      //端口
⦁	        server_name  www.a.com;                                //域名
⦁	auth_basic "Input Password:";                        //认证提示符
⦁	        auth_basic_user_file "/usr/local/nginx/pass";        //认证密码文件
⦁	location / {
⦁	            root   html;                                    //指定网站根路径
⦁	            index  index.html index.htm;
⦁	       }
⦁	       
⦁	}
⦁	… …
⦁	
⦁	    server {
⦁	        listen  80;                                        //端口
⦁	        server_name  www.b.com;                                //域名
⦁	location / { 
⦁	root   www;                                 //指定网站根路径
⦁	index  index.html index.htm;
⦁	}
⦁	}

创建网站根目录及对应首页文件

⦁	[root@proxy ~]# mkdir /usr/local/nginx/www
⦁	[root@proxy ~]# echo "www" > /usr/local/nginx/www/index.html

客户端测试

⦁	 [root@client ~]# vim /etc/hosts
⦁	192.168.4.5    www.a.com  www.b.com

生成私钥与证书

⦁	[root@proxy ~]# cd /usr/local/nginx/conf
⦁	[root@proxy ~]# openssl genrsa > cert.key                            //生成私钥
⦁	[root@proxy ~]# openssl req -new -x509 -key cert.key > cert.pem      //生成证书

修改Nginx配置文件，设置加密网站的虚拟主机

⦁	[root@proxy ~]# vim  /usr/local/nginx/conf/nginx.conf
⦁	… …    
⦁	server {
⦁	        listen       443 ssl;
⦁	        server_name            www.c.com;
⦁	        ssl_certificate      cert.pem;         #这里是证书文件
⦁	        ssl_certificate_key  cert.key;         #这里是私钥文件
⦁	
⦁	        ssl_session_cache    shared:SSL:1m;
⦁	        ssl_session_timeout  5m;
⦁	
⦁	        ssl_ciphers  HIGH:!aNULL:!MD5;
⦁	        ssl_prefer_server_ciphers  on;
⦁	
⦁	        location / {
⦁	            root   html;
⦁	            index  index.html index.htm;
⦁	        }
⦁	    }

客户端验证
修改客户端主机192.168.4.10的/etc/hosts文件，进行域名解析

⦁	[root@client ~]# vim /etc/hosts
⦁	192.168.4.5    www.c.com  www.a.com   www.b.com

2）登录192.168.4.10客户端主机进行测试

⦁	[root@client ~]# firefox https://www.c.com            //信任证书后可以访问