nginx访问控制，用户认证，配置https，zabbix监控nginx状态页面

nginx访问控制，用户认证，配置https，zabbix监控nginx状态页面

nginx访问控制

用于location段
allow：设定允许哪台或哪些主机访问，多个参数间用空格隔开
deny： 设定禁止哪台或哪些主机访问，多个参数间用空格隔开

//测试
[root@nginx ~]# cd /usr/local/nginx/html/
[root@nginx html]# ls
50x.html  index.html
[root@nginx html]# echo 'hello world' > index.html 
[root@nginx html]# systemctl restart nginx

//虚拟机访问
[root@nginx html]# curl 192.168.111.141
hello world

访问测试

//修改配置文件
[root@nginx html]# cd ..
[root@nginx nginx]# vim conf/nginx.conf
        location / {
   
            allow 192.168.111.141;		//只允许虚拟机访问
            deny all;
            root   html;
            index  index.html index.htm;
        }
[root@nginx nginx]# systemctl restart nginx

//虚拟机访问
[root@nginx nginx]# curl 192.168.111.141
hello world

访问测试

nginx用户认证

//安装httpd工具包
[root@nginx ~]# yum -y install httpd-tools

//修改配置文件
[root@nginx ~]# cd /usr/local/nginx/conf/
[root@nginx conf]# vim nginx.conf
        location / {
   
            root   html;
            index  index.html index.htm;
        }

        location /abc {
    
             auth_basic "ABC"; 
             auth_basic_user_file "/usr/local/nginx/conf/.pass"; 	//密码位置 
             root html;
             index index.html;
        }

//生成用户密码
[root@nginx conf]# htpasswd -cm /usr/local/nginx/conf/.pass runtime
New password: 
Re-type new password: 
Adding password for user runtime
[root@nginx conf]# cat .pass 
runtime:$apr1$nPzAshNM$nvmalzBcNQlagDB3ipABc1		//加密后的密码
[root@nginx conf]# systemctl restart nginx

直接访问

访问根下的abc

nginx配置https

证书申请及签署步骤

a) 生成申请请求 b) RA核验c) CA签署 d) 获取证书

//生成证书
[root@nginx ~]# cd /etc/pki/
[root@nginx pki]# mkdir CA
[root@nginx pki]# cd CA/
[root@nginx CA]# mkdir private
[root@nginx CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)		//括号必须要
Generating RSA private key, 2048 bit long modulus (2 primes)
........+++++
............................................................................+++++
e is 65537 (0x010001)
[root@nginx CA]# ls private/
cakey.pem

//CA生成自签署证书
[