web集群之Ngnix相关配置

1. 源码安装nginx，并提供服务脚本。

1)、下载

[root@localhost ~]# wget -c https://repo.huaweicloud.com/nginx/nginx-1.20.0.tar.gz

2）、解压

[root@localhost ~]# tar xf nginx-1.20.0.tar.gz -C /usr/local/src/
[root@localhost ~]# cd /usr/local/src/nginx-1.20.0/
[root@localhost nginx-1.20.0]#

3）、开始安装 Nginx

#创建Ngnux用户
[root@localhost nginx-1.20.0]# useradd nginx -s /sbin/nologin -M

#安装依赖
[root@localhost nginx-1.20.0]# yum install gcc gcc-c++ make pcre-devel openssl-devel perl-devel perl-ExtUtils-Embed -y

#配置功能
[root@localhost nginx-1.20.0]# ./configure --prefix=/usr/local/nginx \
> --user=nginx --group=nginx \
> --with-threads \
> --with-http_ssl_module \
> --with-http_gzip_static_module \
> --with-http_auth_request_module \
> --with-http_stub_status_module \
> --with-http_perl_module \
> --with-stream \
> --with-pcre

#编译安装
[root@localhost nginx-1.20.0]# make
[root@localhost nginx-1.20.0]# make install

[root@localhost nginx-1.20.0]# ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/n
[root@localhost nginx-1.20.0]# nginx -v
nginx version: nginx/1.20.0

配置服务脚本

[root@localhost ~]# vim /usr/lib/systemd/system/nginx.service
[root@localhost ~]# more /usr/lib/systemd/system/nginx.service

[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID 
PrivateTmp=true

[Install] 
WantedBy=multi-user.target

修改配置文件指定pid位置

[root@localhost nginx-1.20.0]# vim /usr/local/nginx/conf/nginx.conf

pid        /usr/local/nginx/logs/nginx.pid;

 启动服务

[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl start nginx

测试

配置nginx子配置文件

[root@localhost ~]# cd /usr/local/nginx/
[root@localhost nginx]# mkdir conf.d


user nginx;  #指定用户

http {
    include /usr/local/nginx/conf.d/*.conf; #在http模块下指定子配置文件位置

 重启

[root@localhost nginx]# systemctl restart nginx

2. 配置基于域名的虚拟主机。

通过子配置文件的方式配置

1）、配置测试界面

[root@localhost ~]# cd /usr/local/nginx/conf.d
[root@localhost conf.d]# cd ../html/
[root@localhost html]# mv index.html {,.bak}
[root@localhost html]# vim index.html
[root@localhost html]# more index.html
<html>
<meta charset="utf-8"> 
<head>
    <title>TEST Site</title>
</head>
<body>
     测试页面
     <table border=1>
         <tr> <td>01</td> <td>云计算 </td> </tr> 
         <tr> <td>02</td> <td>大数据</td> </tr> 
         <tr> <td>03</td> <td>人工智</td> </tr>
     </table> 
<body> 
</html>

 2）、配置虚拟主机

[root@localhost ~]# cd /usr/local/nginx/conf.d/
[root@localhost conf.d]# vim vhost.conf

[root@localhost conf.d]# vim vhost.conf

server {
    listen      80;
    server_name web1.test.com;

    location / {
        root   /data/web1/html;
        index  index.html index.html;
    }
}

server {
    listen      80;
    server_name web2.test.com;

    location / {
        root   /data/web2/html;
        index  index.html index.html;
    }
}


[root@localhost conf.d]# mkdir /data/web{1,2}/html -p
[root@localhost conf.d]# echo "web1 test page " > /data/web1/html/index.html
[root@localhost conf.d]# echo "web2 test page " > /data/web2/html/index.html

[root@localhost conf.d]# vim /etc/hosts

192.168.159.133 web1.test.com web2.test.com

[root@localhost conf.d]# systemctl restart nginx

测试：

[root@localhost conf.d]# curl web1.test.com
web1 test page 
[root@localhost conf.d]# curl web2.test.com
web2 test page 

3. 配置nginx基于用户和地址的访问控制。

1）、基于地址的访问控制

[root@localhost ~]# vim /usr/local/nginx/conf.d/vhost.conf 
server {
    listen        80;
    server_name   web1.test.com;

        location / {
            root   /data/web1/html;
            index  index.html index.html;
            autoindex on;
            if (!-f $request_filename) {
            rewrite /.* /err.html permanent;
         }
         deny 192.168.159.136;    //拒绝该地址
         allow 192.168.159.0/24;  //允许改网段
     }
}

 在地址为192.168.159.136端测试：

[root@rs1 ~]# curl http://192.168.159.133/forum/index.html
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.20.0</center>
</body>
</html>

2）、基于用户的访问控制

auth_basic

指令包含一个具有测试用户名和密码的 HTTP 基本认证，指定的参数将用于认证域。如果将值设置为 “off”

则忽略下级指令继承的动作。

auth_basic_user_file

指令为验证域指定了密码文件， 0.6.7 版本以后这里指定的文件是 nginx.conf 所在目录的相对路径，而不

是 –prefix 指定的路径。

配置认证 

server {
    listen        80;
    server_name   web1.test.com;

        location / {
            root   /data/web1/html;
            index  index.html index.html;
            autoindex on;
            if (!-f $request_filename) {
            rewrite /.* /err.html permanent;
         }
         allow 192.168.159.0/24;
         auth_basic   "Restricted";
         auth_basic_user_file /data/web1/webpass;
     }
}

下载httpd-tools

[root@localhost ~]# yum install httpd-tools -y

创建账号密码， 此账号密码就是用户访问网站时需要输入的 

[root@localhost ~]# htpasswd -c -m /data/web1/webpass tom
New password: 
Re-type new password: 
Adding password for user tom

重启服务

[root@localhost html]# systemctl restart nginx

 测试

4. 配置nginx rewrite，要求如果访问不存在的任意网页都重定向到错误页面，错误页面内容自行定义。

[root@localhost ~]# cd /usr/local/nginx/html/
[root@localhost html]# vim err.html
this page is non-existent

[root@localhost html]# vim /usr/local/nginx/conf.d/vhost.conf 

server {
    listen        80;
    server_name   web1.test.com; 
 
        location / {
            root   /data/web1/html;
            index  index.html index.html;
            autoindex on;
            if (!-f $request_filename) {
            rewrite /.* /err.html permanent;
         }
     }
}

[root@localhost html]# systemctl restart nginx