Nginx Virtual Hosts

1.1 Accessing the default home page

Local IPv4 address: 192.168.110.31

[root@Rocky8-node1 ~]# curl localhost:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Location of the default home page

[root@Rocky8-node1 ~]# ll /usr/share/nginx/html/
total 8
-rw-r--r-- 1 root root 497 Apr 12  2023 50x.html
-rw-r--r-- 1 root root 615 Apr 12  2023 index.html

1.2 Access based on different IP addresses

1.2.1 Adding IP addresses to the network interface

[root@Rocky8-node1 ~]# nmcli connection modify ens160 +ipv4.addresses 192.168.110.100/24
[root@Rocky8-node1 ~]# nmcli connection modify ens160 +ipv4.addresses 192.168.110.200/24
[root@Rocky8-node1 ~]# nmcli connection up ens160 
[root@Rocky8-node1 ~]# ip address show ens160 
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:d1:a9:eb brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.110.31/24 brd 192.168.110.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.110.100/24 brd 192.168.110.255 scope global secondary noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 192.168.110.200/24 brd 192.168.110.255 scope global secondary noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fed1:a9eb/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

1.2.2 Creating the test pages

[root@Rocky8-node1 ~]# mkdir -p /nginx/testpage{1..3}
[root@Rocky8-node1 ~]# echo "Test page-01 IP:192.168.110.31" > /nginx/testpage1/index.html
[root@Rocky8-node1 ~]# echo "Test page-02 IP:192.168.110.100" > /nginx/testpage2/index.html
[root@Rocky8-node1 ~]# echo "Test page-03 IP:192.168.110.200" > /nginx/testpage3/index.html

1.2.3 Configuring the virtual hosts

[root@Rocky8-node1 ~]# vim /etc/nginx/conf.d/VirtualHost.conf  #create a *.conf file in Nginx's conf.d include directory
server {
        listen 192.168.110.31:80;
        server_name 192.168.110.31;

        location / {
                root /nginx/testpage1;
                index index.html;
                }
}

server {
        listen 192.168.110.100:80;
        server_name 192.168.110.100;

        location / {
                root /nginx/testpage2;
                index index.html;
                }
}

server {
        listen 192.168.110.200:80;
        server_name 192.168.110.200;

        location / {
                root /nginx/testpage3;
                index index.html;
                }
}
Directive | Explanation
listen 192.168.110.31:80; | Nginx listens on port 80 of IP address 192.168.110.31 and receives every HTTP request sent to that IP address and port.
server_name 192.168.110.31; | Defines the server name (server_name). This is normally a domain name; here an IP address is given.
location / { ... } | A location defines how requests matching a particular path are handled.
root /nginx/testpage1; | Defines the root directory for requests. When Nginx receives a request, it looks for the requested file under this directory.
index index.html; | Defines the server's default index file. When a directory is requested, Nginx tries to find this file in that directory.

1.2.4 Checking the syntax and reloading the configuration

[root@Rocky8-node1 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@Rocky8-node1 ~]# nginx -s reload

1.2.5 Access test

[root@Rocky8-node1 ~]# curl http://192.168.110.31:80
Test page-01 IP:192.168.110.31
[root@Rocky8-node1 ~]# curl http://192.168.110.100:80
Test page-02 IP:192.168.110.100
[root@Rocky8-node1 ~]# curl http://192.168.110.200:80
Test page-03 IP:192.168.110.200

1.3 Access test based on different ports

1.3.1 Creating the test pages

[root@Rocky8-node1 ~]# echo Test page-01 port:8081 > /nginx/testpage1/index.html 
[root@Rocky8-node1 ~]# echo Test page-02 port:8082 > /nginx/testpage2/index.html 
[root@Rocky8-node1 ~]# echo Test page-03 port:8083 > /nginx/testpage3/index.html

1.3.2 Configuring the virtual hosts

[root@Rocky8-node1 ~]# mv /etc/nginx/conf.d/VirtualHost.conf{,.bak-IP}    #back up the previous configuration
[root@Rocky8-node1 ~]# vim /etc/nginx/conf.d/VirtualHost.conf
server {
        listen 192.168.110.31:8081;
        server_name 192.168.110.31;

        location / {
                root /nginx/testpage1;
                index index.html;
                }
}

server {
        listen 192.168.110.31:8082;
        server_name 192.168.110.31;

        location / {
                root /nginx/testpage2;
                index index.html;
                }
}

server {
        listen 192.168.110.31:8083;
        server_name 192.168.110.31;

        location / {
                root /nginx/testpage3;
                index index.html;
                }
}

1.3.3 Checking the syntax and reloading the configuration

[root@Rocky8-node1 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@Rocky8-node1 ~]# nginx -s reload

1.3.4 Access test

[root@Rocky8-node1 ~]# curl http://192.168.110.31:8081
Test page-01 port:8081
[root@Rocky8-node1 ~]# curl http://192.168.110.31:8082
Test page-02 port:8082
[root@Rocky8-node1 ~]# curl http://192.168.110.31:8083
Test page-03 port:8083

1.4 Access based on domain names

1.4.1 Creating the test pages

[root@Rocky8-node1 ~]# echo "Test page-01 rname:www.page-01.com" > /nginx/testpage1/index.html 
[root@Rocky8-node1 ~]# echo "Test page-02 rname:www.page-02.com" > /nginx/testpage2/index.html 
[root@Rocky8-node1 ~]# echo "Test page-03 rname:www.page-01.com" > /nginx/testpage3/index.html 

1.4.2 Configuring the virtual hosts

[root@Rocky8-node1 ~]# mv /etc/nginx/conf.d/VirtualHost.conf{,.bak-Port}
[root@Rocky8-node1 ~]# vim /etc/nginx/conf.d/VirtualHost.conf
server {
        listen 192.168.110.31:80;
        server_name www.page-01.com;

        location / {
                root /nginx/testpage1;
                index index.html;
                }
}

server {
        listen 192.168.110.31:80;
        server_name www.page-02.com;

        location / {
                root /nginx/testpage2;
                index index.html;
                }
}

server {
        listen 192.168.110.31:80;
        server_name www.page-03.com;

        location / {
                root /nginx/testpage3;
                index index.html;
                }
}

1.4.3 Checking the syntax and reloading the configuration

[root@Rocky8-node1 ~]# nginx -t 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@Rocky8-node1 ~]# nginx -s reload

1.4.3 Configuring hosts-file resolution (method 1)

1.4.3.1 Adding the resolution entries
[root@Rocky8-node1 ~]# echo '192.168.110.31 www.page-01.com www.page-02.com www.page-03.com' >> /etc/hosts
1.4.3.2 Access
[root@Rocky8-node1 ~]# curl http://www.page-01.com
Test page-01 rname:www.page-01.com
[root@Rocky8-node1 ~]# curl http://www.page-02.com
Test page-02 rname:www.page-02.com
[root@Rocky8-node1 ~]# curl http://www.page-03.com
Test page-03 rname:www.page-01.com

Hosts file path on Windows: C:\Windows\System32\drivers\etc\hosts

1.4.4 Configuring DNS forward resolution (method 2)

Note: the hosts file takes precedence over DNS.

[root@Rocky8-node1 ~]# sed -i 's/^192.168.110.31/#192.168.110.31/' /etc/hosts  #comment out this entry
1.4.4.1 Installing the DNS package
[root@Rocky8-node1 ~]# yum install bind -y
1.4.4.2 Configuring the main configuration file
[root@Rocky8-node1 ~]# sed -i 's/127.0.0.1/192.168.110.31/' /etc/named.conf   #change the listen address
[root@Rocky8-node1 ~]# sed -i 's/\(allow-query\).*/allow-query { 192.168.110.0\/24; };/' /etc/named.conf
#allow queries from the 192.168.110.0 network
1.4.4.3 Configuring the forward zones
[root@Rocky8-node1 ~]# vim /etc/named.rfc1912.zones +   #zone include file; append the following
zone "page-01.com" IN {
        type master;
        file "nginx.com.zone";
};

zone "page-02.com" IN {
        type master;
        file "nginx.com.zone";
};

zone "page-03.com" IN {
        type master;
        file "nginx.com.zone";
};

[root@Rocky8-node1 ~]# named-checkconf  #syntax check
1.4.4.4 Configuring the zone records
[root@Rocky8-node1 ~]# cp -p /var/named/named.localhost /var/named/nginx.com.zone #copy the template, preserving permissions
[root@Rocky8-node1 ~]# vim /var/named/nginx.com.zone
$TTL 1D
@       IN SOA dns1.nginx.com. admin.nginx.com. (
                                        1       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                 NS     dns1
dns1             A      192.168.110.31
www              A      192.168.110.31

[root@Rocky8-node1 ~]# named-checkzone /var/named/nginx.com.zone /var/named/nginx.com.zone  #syntax check
/var/named/nginx.com.zone:8: warning: dns1./var/named/nginx.com.zone: bad name (check-names)
/var/named/nginx.com.zone:9: dns1./var/named/nginx.com.zone: bad owner name (check-names)
/var/named/nginx.com.zone:10: www./var/named/nginx.com.zone: bad owner name (check-names)
zone /var/named/nginx.com.zone/IN: loaded serial 1
OK
[root@Rocky8-node1 ~]# systemctl enable named --now  #start the service
1.4.4.5 Temporarily changing the local DNS server
[root@Rocky8-node1 ~]# sed -i 's/^nameserver/#nameserver/' /etc/resolv.conf
[root@Rocky8-node1 ~]# echo 'nameserver 192.168.110.31' >> /etc/resolv.conf
1.4.4.6 Resolution test
[root@Rocky8-node1 ~]# nslookup www.page-01.com
Server:         192.168.110.31
Address:        192.168.110.31#53

Name:   www.page-01.com
Address: 192.168.110.31

[root@Rocky8-node1 ~]# nslookup www.page-02.com
Server:         192.168.110.31
Address:        192.168.110.31#53

Name:   www.page-02.com
Address: 192.168.110.31

[root@Rocky8-node1 ~]# nslookup www.page-03.com
Server:         192.168.110.31
Address:        192.168.110.31#53

Name:   www.page-03.com
Address: 192.168.110.31
1.4.4.7 Access test
[root@Rocky8-node1 ~]# curl http://www.page-01.com
Test page-01 rname:www.page-01.com
[root@Rocky8-node1 ~]# curl http://www.page-02.com
Test page-02 rname:www.page-02.com
[root@Rocky8-node1 ~]# curl http://www.page-03.com
Test page-03 rname:www.page-01.com

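1.5 Serving a download directory index when there is no default home page

  • Only one virtual host is used here.

1.5.1 Creating the test content

[root@Rocky8-node1 ~]# mv /nginx/testpage1/index.html{,.bak}  #move index.html out of the way
[root@Rocky8-node1 ~]# touch /nginx/testpage1/file{1..5}.docx  #test files

1.5.2 Configuring the virtual host (only one is configured here)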

[root@Rocky8-node1 ~]# mv /etc/nginx/conf.d/VirtualHost.conf{,.bak-servername}
[root@Rocky8-node1 ~]# vim /etc/nginx/conf.d/VirtualHost.conf
server {
        listen 192.168.110.31:80;
        server_name www.page-01.com;

        location / {
                root /nginx/testpage1;
                index index.html;
                autoindex on;
                }
}

[root@Rocky8-node1 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@Rocky8-node1 ~]# nginx -s reload
  • autoindex on: enables directory listing.

1.5.3 Access from Windows

http://192.168.110.31:80

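1.6 Access control

1.6.1 IP-based access control

  • Allow access from the 192.168.110.0/24 network, but deny access from the host 192.168.110.32/24.

1.6.1.1 Creating the test page
[root@Rocky8-node1 ~]# echo 'allow 192.168.110.0/24,deny 192.168.110.0/24 and all' > /nginx/testpage1/index.html
1.6.1.2 Configuring the virtual host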
[root@Rocky8-node1 ~]# mv /etc/nginx/conf.d/VirtualHost.conf{,.bak-index}
[root@Rocky8-node1 ~]# vim /etc/nginx/conf.d/VirtualHost.conf
server {
        listen 192.168.110.31:80;
        server_name www.rules.com;

        location / {
                root /nginx/testpage1;
                index index.html;
                deny 192.168.110.32;
                allow 192.168.110.0/24;
                deny all;
        }
}
[root@Rocky8-node1 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@Rocky8-node1 ~]# nginx -s reload
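ACL rule | Description
deny 192.168.110.32 | Denies the device with IP address 192.168.110.32 access to the resource.
allow 192.168.110.0/24 | Allows every device in the IP address range 192.168.110.0 to 192.168.110.255 access to the resource.
deny all | Usually placed last in the ACL; it rejects every request not explicitly allowed or denied by an earlier rule. It is a catch-all deny that ensures only traffic matching a specific rule gets through.

Note: the order of the rules must be planned carefully, because Nginx checks them in sequence and stops at the first one that matches.

1.6.1.3 Access test
[root@Rocky8-node1 ~]# hostname -I   #local address 192.168.110.31
192.168.110.31
[root@Rocky8-node1 ~]# echo '192.168.110.31 www.rules.com' >> /etc/hosts
[root@Rocky8-node1 ~]# curl www.rules.com   #access succeeds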
allow 192.168.110.0/24,deny 192.168.110.0/24 and all

[root@Rocky8-node2 ~]# hostname -I   #local address 192.168.110.32
192.168.110.32
[root@Rocky8-node2 ~]# echo '192.168.110.31 www.rules.com' >> /etc/hosts
[root@Rocky8-node2 ~]# curl www.rules.com   #403 access denied
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.24.0</center>
</body>
</html>

[root@Rocky8-node3 ~]# hostname -I    #local address 192.168.110.33
192.168.110.33
[root@Rocky8-node3 ~]# echo '192.168.110.31 www.rules.com' >> /etc/hosts
[root@Rocky8-node3 ~]# curl www.rules.com   #access succeeds
allow 192.168.110.0/24,deny 192.168.110.0/24 and all
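
The first-match evaluation behind the three results above can be reproduced offline. The following Python sketch is an added example, not part of the original article or of Nginx; SWAPPED_RULES and the client 10.0.0.5 are constructed here to show what happens when the deny for 192.168.110.32 is placed after the allow for its network.

```python
import ipaddress

# Rules in the order they appear in the location block above.
PAGE_RULES = [
    ("deny", "192.168.110.32"),
    ("allow", "192.168.110.0/24"),
    ("deny", "all"),
]

# Constructed for comparison: the same rules with the first two swapped.
SWAPPED_RULES = [
    ("allow", "192.168.110.0/24"),
    ("deny", "192.168.110.32"),
    ("deny", "all"),
]


def _net(target):
    """Parse an allow/deny argument; a bare address becomes a /32 network."""
    return ipaddress.ip_network(target, strict=False)


def decide(rules, client_ip):
    """Return (status, matching_rule); the first rule that matches wins."""
    client = ipaddress.ip_address(client_ip)
    for action, target in rules:
        if target == "all" or client in _net(target):
            return (200 if action == "allow" else 403), f"{action} {target}"
    # No rule matched: the access module lets the request through.
    return 200, "no rule matched"


def shadowed(rules):
    """List rules that can never fire because an earlier rule covers them."""
    dead = []
    for i, (action, target) in enumerate(rules):
        for _, earlier in rules[:i]:
            covered = earlier == "all" or (
                target != "all" and _net(target).subnet_of(_net(earlier))
            )
            if covered:
                dead.append(f"{action} {target}")
                break
    return dead


if __name__ == "__main__":
    for name, rules in (("page order", PAGE_RULES), ("swapped", SWAPPED_RULES)):
        print(name, "- unreachable rules:", shadowed(rules))
        for ip in ("192.168.110.31", "192.168.110.32", "192.168.110.33", "10.0.0.5"):
            print("   ", ip, decide(rules, ip))
```

With the swapped order the deny for 192.168.110.32 is reported as unreachable and that host gets 200, which is why the specific deny has to precede the broader allow.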

1.6.2 HTTP basic authentication

1.6.2.1 Creating the test page
[root@Rocky8-node1 ~]# echo 'user:survivor password:123456' > /nginx/testpage1/index.html
1.6.2.2 Creating the user login credentials
[root@Rocky8-node1 ~]# yum install httpd-tools-2.4.37-62.module+el8.9.0+1436+2b7d5021.x86_64 -y #install the package
[root@Rocky8-node1 ~]# htpasswd -c -m /nginx/testpage1/password survivor  #the password is 123456
New password: 
Re-type new password: 
Adding password for user survivor
[root@Rocky8-node1 ~]# cat /nginx/testpage1/password 
survivor:$apr1$6EhYeiHA$q35mWV5ibJVnNxRafbq5O0
1.6.2.3 Configuring the virtual host
[root@Rocky8-node1 ~]# mv /etc/nginx/conf.d/VirtualHost.conf{,.bak-iprules}
[root@Rocky8-node1 ~]# vim /etc/nginx/conf.d/VirtualHost.conf
server {
        listen 192.168.110.31:80;
        server_name www.user.com;

        location / {
                root /nginx/testpage1;
                index index.html;
                auth_basic "my love";
                auth_basic_user_file /nginx/testpage1/password;
        }
}

[root@Rocky8-node1 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@Rocky8-node1 ~]# nginx -s reload
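  • auth_basic "my love": enables HTTP basic authentication and sets a string as the name of the protected area (any text will do).

  • auth_basic_user_file /nginx/testpage1/password: specifies a file containing username/password pairs; an absolute path is best.

1.6.2.4 Access test from Windows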

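1.7 Nginx location routing rules

1.7.1 Location routing rules in detail

  • In Nginx, the location parameter is used for routing configuration; it sits inside the virtual host configuration block.

  • The syntax of location is location [=|~|~*|^~] /uri/ {...}; the types below are listed from highest to lowest priority.

    Match type | Symbol | Description
    Exact match | = | The request URI must be exactly equal to the string given in the location.
    Plain prefix match | ^~ | The URI starts with a given ordinary string; this is not a regular-expression match.
    Case-sensitive regex match | ~ | A case-sensitive regular-expression match.
    Case-insensitive regex match | ~* | A case-insensitive regular-expression match.
    General match | / | Matches any request when nothing else matches.
  • The priority of the different location forms is: ( location = ) > ( location full path ) > ( location ^~ path ) > ( location ~, ~* regex in order ) > ( location partial leading path ) > ( / )

  • If the URI is a directory, it must end with /.

  • Inside a location, the path can be set in two ways:

    • root denotes a relative path;

    • alias denotes an absolute path.

  • The autoindex feature can be enabled in a location block to produce an index of the requested directory.

  • Nginx selects a location block in much the same way as it selects a server block: it runs a process that determines the best location block for a given request. First, Nginx checks all prefix-based location matches (every location type that does not involve a regular expression), testing each location against the full request URI.

1.7.2 Configuration example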

[root@Rocky8-node1 ~]# mv /etc/nginx/conf.d/VirtualHost.conf{,.bak-userrules}
[root@Rocky8-node1 ~]# vim /etc/nginx/conf.d/VirtualHost.conf
server {
    listen 192.168.110.31:80;
    server_name www.location.com;

    location = /code1/ {
        return 201;
    }

    location ^~ /code1 {
        return 202;
    }

    location ~ /Code1/abc.html {
        return 203;
    }

    location ~* /coDe1/abc.html {
        return 204;
    }

    location / {
        root /nginx/testpage1;
        index index.html;
    }
}

[root@Rocky8-node1 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@Rocky8-node1 ~]# nginx -s reload
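location block | Match type | Example URI | Response status | Description
location = /code1/ { return 201; } | Exact match | http://www.location.com/code1/ | 201 Created | Matches exactly /code1/, not its sub-paths.
location ^~ /code1 { return 202; } | Plain prefix match | http://www.location.com/code1 | 202 Accepted | Matches requests starting with /code1; takes priority over regex matches.
location ~ /Code1/abc.html { return 203; } | Case-sensitive regex match | http://www.location.com/Code1/abc.html | 203 Non-Authoritative Information | Case-sensitive match of /Code1/abc.html.
location ~* /coDe1/abc.html { return 204; } | Case-insensitive regex match | http://www.location.com/CoDe1/abc.html | 204 No Content | Matches /coDe1/abc.html in any combination of upper and lower case.
location / { root /nginx/testpage1; index index.html; } | General match | http://www.location.com/ | Depends on configuration | Matches the root path ("/"); the root and index directives specify the default file.

1.7.3 Access test

[root@Rocky8-node1 ~]# curl -I www.location.com/code1/  #exact match on /code1/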
HTTP/1.1 201 Created
Server: nginx/1.24.0
Date: Wed, 17 Apr 2024 03:18:30 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive

[root@Rocky8-node1 ~]# curl -I www.location.com/code1  #matches the prefix /code1
HTTP/1.1 202 Accepted
Server: nginx/1.24.0
Date: Wed, 17 Apr 2024 03:18:34 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive

[root@Rocky8-node1 ~]# curl -I www.location.com/Code1/abc.html  #matches /Code1/abc.html, case-sensitive
HTTP/1.1 203 
Server: nginx/1.24.0
Date: Wed, 17 Apr 2024 03:18:50 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive

[root@Rocky8-node1 ~]# curl -I www.location.com/coDe1/abc.html   #matches /coDe1/abc.html, case-insensitive
HTTP/1.1 204 No Content
Server: nginx/1.24.0
Date: Wed, 17 Apr 2024 03:19:06 GMT
Connection: keep-alive

[root@Rocky8-node1 ~]# curl -I www.location.com
HTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Wed, 17 Apr 2024 03:19:11 GMT
Content-Type: text/html
Content-Length: 30
Last-Modified: Wed, 17 Apr 2024 02:42:37 GMT
Connection: keep-alive
ETag: "661f371d-1e"
Accept-Ranges: bytes
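
A request is handled by exactly one location block, so the selection order also decides which allow/deny or auth_basic rules apply to it. The following Python sketch is an added example, not code from the article or from Nginx: it models the documented selection order for the five location blocks above, using Python's re module as a stand-in for PCRE and assuming a Linux host, where prefix comparison is case-sensitive. The URIs /code1/abc.html and /CODE1/ABC.HTML are constructed extra test cases.

```python
import re

# The location blocks from the server block above, in file order:
# (modifier, pattern, status returned). "" means a plain prefix location.
LOCATIONS = [
    ("=", "/code1/", 201),
    ("^~", "/code1", 202),
    ("~", "/Code1/abc.html", 203),
    ("~*", "/coDe1/abc.html", 204),
    ("", "/", 200),  # static files from /nginx/testpage1
]


def select_location(locations, uri):
    """Return (modifier, pattern, status) of the block that handles uri."""
    # 1. An exact (=) match ends the search immediately.
    for loc in locations:
        if loc[0] == "=" and uri == loc[1]:
            return loc
    # 2. Remember the longest matching prefix (plain or ^~).
    best = None
    for loc in locations:
        if loc[0] in ("", "^~") and uri.startswith(loc[1]):
            if best is None or len(loc[1]) > len(best[1]):
                best = loc
    # 3. If that prefix carries ^~, regular expressions are not consulted.
    if best is not None and best[0] == "^~":
        return best
    # 4. Otherwise the first matching regex, in file order, wins.
    for loc in locations:
        if loc[0] in ("~", "~*"):
            flags = re.IGNORECASE if loc[0] == "~*" else 0
            if re.search(loc[1], uri, flags):
                return loc
    # 5. No regex matched: fall back to the remembered prefix.
    return best


def status_for(uri):
    """Status code the page's configuration would return for uri."""
    loc = select_location(LOCATIONS, uri)
    return loc[2] if loc else 404


if __name__ == "__main__":
    for uri in ("/code1/", "/code1", "/code1/abc.html", "/Code1/abc.html",
                "/coDe1/abc.html", "/CODE1/ABC.HTML", "/"):
        print(f"{uri:18} -> {status_for(uri)}")
```

The constructed case /code1/abc.html returns 202 even though the ~* pattern would match it, because the ^~ prefix stops the search before any regex is tried.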

1.8 Nginx HTTPS configuration

1.8.1 Creating the test page

[root@Rocky8-node1 ~]# echo '<h1><strong>HTTP+SSL test page</strong></h1>' > /nginx/testpage1/index.html

1.8.2 Generating the key

[root@Rocky8-node1 ~]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.............................................................................................+++++
......................................................+++++
e is 65537 (0x010001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

1.8.3 Generating the certificate signing request

[root@Rocky8-node1 ~]# openssl req -new -key server.key -out server.crt
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SN
Locality Name (eg, city) [Default City]:XI'AN
Organization Name (eg, company) [Default Company Ltd]:YOOZOO
Organizational Unit Name (eg, section) []:SRE
Common Name (eg, your name or your server's hostname) []:SERVER
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

1.8.4 Backing up the original private key file

[root@Rocky8-node1 ~]# cp server.key server.key.copy

1.8.5 Reading the private key and

[root@Rocky8-node1 ~]# openssl rsa -in server.key.copy -out server.key
Enter pass phrase for server.key.copy:
writing RSA key

1.8.6 Generating the new X.509 certificate

[root@Rocky8-node1 ~]# echo subjectAltName=IP:192.168.110.31,DNS:192.168.110.31 > cert_extensions
[root@Rocky8-node1 ~]# openssl x509 -req -sha256 -days 3650 -in server.crt -signkey server.key -extfile cert_extensions -out server.crt
Signature ok
subject=C = CN, ST = SN, L = XI'AN, O = IT, OU = SERVER, CN = ROCKY
Getting Private key

1.8.7 Virtual host configuration

[root@Rocky8-node1 ~]# mv /etc/nginx/conf.d/VirtualHost.conf{,.bak-location}
[root@Rocky8-node1 ~]# cp server.crt server.key /etc/nginx  #the certificate and key must be under /etc/nginx
[root@Rocky8-node1 ~]# vim /etc/nginx/conf.d/VirtualHost.conf
server {
    listen 192.168.110.31:80;
    server_name www.ssl.com;
    return 301 https://$host$request_uri;
    # requests to www.ssl.com are redirected to https automatically
}

server {
        listen                  443 ssl;
        server_name             www.ssl.com;
        ssl_certificate         server.crt;
        ssl_certificate_key     server.key;
        ssl_protocols           TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers             HIGH:!aNULL:!MD5;

        location / {
                root /nginx/testpage1;
                index index.html;
        }
}

[root@Rocky8-node1 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@Rocky8-node1 ~]# nginx -s reload
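Directive | Description
listen 443 ssl; | Tells Nginx to listen for incoming connections on port 443 and to use SSL/TLS encryption.
server_name www.ssl.com; | Specifies the domain name this server block responds to, www.ssl.com in this example.
ssl_certificate server.crt; | Points to the SSL certificate file Nginx uses to establish the secure connection.
ssl_certificate_key server.key; | Points to the SSL private key file, used to decrypt data sent from the client to the server.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; | Specifies the SSL/TLS protocol versions Nginx will use for secure connections.
ssl_ciphers HIGH:!aNULL:!MD5; | Defines the cipher suites Nginx will use for SSL/TLS connections, excluding insecure options.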
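
Two properties of this setup are worth checking before relying on it: which protocol versions the ssl_protocols line enables, and whether the subjectAltName written to cert_extensions covers the name clients will connect to. The following Python sketch is an added example, not from the original article; it reads the two strings copied from the page, and host_matches is a simplified model of client-side name checking, not a full implementation of certificate verification.

```python
import ipaddress
import re

# Copied from the page: the protocol list from the server block and the
# extension line written to cert_extensions.
SSL_PROTOCOLS = "ssl_protocols           TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;"
CERT_EXTENSIONS = "subjectAltName=IP:192.168.110.31,DNS:192.168.110.31"

# SSLv2 (RFC 6176), SSLv3 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are
# formally deprecated.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def deprecated_protocols(directive):
    """Return the deprecated versions enabled by an ssl_protocols line."""
    m = re.match(r"\s*ssl_protocols\s+([^;]+);", directive)
    if m is None:
        raise ValueError("not an ssl_protocols directive")
    return [p for p in m.group(1).split() if p in DEPRECATED]


def parse_san(extfile_line):
    """Split 'subjectAltName=IP:a,DNS:b' into [('IP', 'a'), ('DNS', 'b')]."""
    key, _, value = extfile_line.partition("=")
    if key.strip() != "subjectAltName":
        raise ValueError("not a subjectAltName line")
    entries = []
    for item in value.split(","):
        kind, _, name = item.strip().partition(":")
        entries.append((kind.upper(), name.strip()))
    return entries


def host_matches(san, host):
    """Simplified client-side check: IP literals are compared with IP
    entries only, names with DNS entries only (leftmost '*' label allowed)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    for kind, name in san:
        if ip is not None:
            if kind == "IP" and ipaddress.ip_address(name) == ip:
                return True
        elif kind == "DNS":
            want = name.lower().split(".")
            have = host.lower().rstrip(".").split(".")
            if len(want) == len(have) and all(
                w == h or (i == 0 and w == "*")
                for i, (w, h) in enumerate(zip(want, have))
            ):
                return True
    return False


if __name__ == "__main__":
    san = parse_san(CERT_EXTENSIONS)
    print("deprecated protocols:", deprecated_protocols(SSL_PROTOCOLS))
    for host in ("www.ssl.com", "192.168.110.31"):
        print(host, "matches certificate:", host_matches(san, host))
```

Run against the page's values, it reports TLSv1 and TLSv1.1 as deprecated and shows that the certificate covers https://192.168.110.31 but not the server_name www.ssl.com, so a client following the port 80 redirect to https://www.ssl.com would see a name mismatch in addition to the self-signed warning.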

1.8.8 Access

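1.9 Nginx root and alias in detail

In Nginx, root and alias are directives that define the local file root directory for a request. They are usually used in a server block or a location block to specify how requests and files are served.

1.9.1 root

  • The root directive defines the file system root directory used when responding to requests. When Nginx handles a request, it matches the request URI against the directory structure under the directory this directive specifies.

  • When used in a server block, it sets the root directory for every location block under that server block.

  • When used in a location block, it overrides the root directive defined in the server block and applies only to that particular location block.

1.9.2 alias

  • The alias directive defines a path alias for one particular location block. It lets you map a URI path to a different file system path.

  • alias must be followed by a trailing slash (/); otherwise Nginx may not find the file correctly.

  • With alias, Nginx removes the part of the request URI matched by the location and appends the remainder to the path given by alias to form the full file path.

Suppose we have the following configuration:

server {
    root /var/www/html;
    location /img/ {
        alias /var/www/image/;
    }
}
  • If the request URI is /img/logo.png, Nginx looks for the file at /var/www/image/logo.png.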

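If the root directive is used instead:

server {
    root /var/www/html;
    location /img/ {
        root /var/www; # this overrides the outer root directive
    }
}
  • For the same request /img/logo.png, Nginx looks for the file at /var/www/img/logo.png, because the root directive in the location block specifies a new root directory, but the URI path /img/ is still appended to that new root.

1.9.3 Differences

  • root specifies a base directory, whereas alias specifies a replacement path for one particular path.

  • With alias the request URI is modified; with root it is not.

  • alias must end with a slash, whereas root may omit it.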
