今日内容 Nginx安装部署、用户认证、web虚拟主机、HTTPS加密网站
一、Nginx安装部署
1.环境准备
1)所需软件:gcc、make、openssl-devel、pcre-devel
yum -y install gcc make openssl pcre-devel
2.搭建nginx服务器
1)准备nginx的源码编译包,解压并进入
cd nginx-1.22.1/
2.运行configure脚本,定义安装的位置和功能,生成Makefile
./configure --prefix=/usr/local/nginx --with-http_ssl_module --user=nginx --group=nginx
3)编译放入内存
make
4)安装
make install
conf:配置文件;html:网页文件根目录;logs:日志;sbin:主程序
useradd -s /sbin/nologin nginx sbin/nginx ss -ntupl | grep :80 sbin/nginx -s reload sbin/nginx -s stop sbin/nginx -V # 查看安装模块
3.测试
curl 192.168.88.88
二、用户认证
1.修改nginx配置,为虚拟主机添加用户认证的配置
vim /usr/local/nginx/conf/nginx.conf server { listen 80; servername localhost; auth_basic "password"; auth_basic_user_file "/usr/local/nginx/pass" #定义存储用户及密码的位置 location / { root html; index index.html; } }
2.下载添加用户认证的软件
yum -y install http-tools
3.添加用户
htpasswd -c /usr/local/nginx/pass tom htpasswd /usr/local/nginx/pass jemmy cat /usr/local/nginx/pass
如果取消则会出现401或者403的错误
三、web虚拟主机
1.基于域名
cd /usr/local/nginx vim conf/nginx.conf http{ ... server { listen 80; server_name www.b.com; location / { root html_b; index index.html index.htm; } server { listen 80; servername www.a.com; location / { root html; index index.html index.htm; } } mkdir html_b echo www.b.com > html_b/index.html echo www.a.com > html/index.html echo "192.168.88.88 www.a.com www.b.com" > /etx/hosts sbin/nginx -s reload curl www.a.com curl www.b.com
2.基于端口
vim conf/nginx.conf server{ listen 80; servername www.a.com; localtion / { root html; index index.html; } } server{ listen 8080; servername www.a.com; localtion / { root html_b; index index.html; } }
3.基于ip
vim conf/nginx.conf server{ listen 192.168.88.88:80; servername www.a.com; localtion / { root html; index index.html; } } server{ listen 192.168.88.89:80; servername www.a.com; localtion / { root html_b; index index.html; } }
四、HTTPS加密网站
1.修改配置文件
vim conf/nginx.conf 打开注释server{ listen 443 ssl; servername localhost; ... location / { root https; index index.html } } mkdir https echo https > https/index.html
2.创建加密的私钥与证书
openssl genrsa > conf/cert.key openssl req -x509 -key conf/cert.key > conf/cert.pem
3.重启系统并验证
sbin/nginx -s reload curl -k 192.168.88.88
4.定义
将网站数据通过ssl模块进行加密,其中加密通过生成私钥与证书完成
5.加密算法
对称:用于单机:AES,DES
非对称:用于网络:RSA,DSA
信息摘要:用于数据验证:MD5,sha256