linux学习之nginx高级配置

nginx帮助网站wiki.nginx.org

1、统计网站访问信息信息

http下的server主机名localhost；这里边用server_name区分主机
        location /status {
            stub_status on;
            access_log off;
        }
访问http://192.168.0.142/status会显示访问量信息

2、https功能

[root@lnmp ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
打开https
    server {
        listen       443;
        server_name  lnmp.example.com;

        ssl                  on;
        ssl_certificate      cert.pem;
        ssl_certificate_key  cert.pem;

        ssl_session_timeout  5m;

        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }
生成key
[root@lnmp ~]# cd /etc/pki/tls/certs/
[root@lnmp certs]# make  cert.pem
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:lnmp.example.com
Email Address []:root@lnmp.example.com
[root@lnmp certs]# cp -p cert.pem /usr/local/lnmp/nginx/conf/
[root@lnmp conf]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@lnmp conf]# nginx -s reload
访问https：//192.168.0.142，确认风险，OK

3、虚拟主机

从网站复制
 server {
 listen          80;
 server_name     www.westos.org;
 access_log      logs/westos.org.access.log main;
 location / {
 index index.html;
 root  /usr/local/lnmp/nginx/virtualhost/westos.org;
 }
 }
 server {
 listen          80;
 server_name     www.linux.org;
 access_log      logs/linux.org.access.log main;
 location / {
 index index.html;
 root  /usr/local/lnmp/nginx/virtualhost/linux.org;
 }
 }
然后打开日志记录类型
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
[root@lnmp nginx]# nginx -s reload
创建目录
[root@lnmp nginx]# mkdir virtualhost/westos.org -p
[root@lnmp nginx]# mkdir virtualhost/linux.org
[root@lnmp nginx]# echo www.westos.org >virtualhost/westos.org/index.html
[root@lnmp nginx]# echo www.linux.org >virtualhost/linux.org/index.html

真机中写入解析
192.168.0.142   www.linux.org www.westos.org
访问www.linux.org和www.westos.org

4、使用nginx反向代理做负载均衡

新开两台虚拟机，安装httpd，写入不同内容；
[root@lnmp nginx]# vim conf/nginx.conf
在http开始写入
        upstream westos { 制作一个负载均衡器，供server主机访问
        server 192.168.0.143;
        server 192.168.0.197 weight=2;权值，决定承担任务量
        }
修改
server {
listen          80;
server_name     www.westos.org;
#access_log      logs/westos.org.access.log main;
location / {
proxy_pass http://westos; 提交给负载均衡器
#index index.html;
#root  /usr/local/lnmp/nginx/virtualhost/westos.org;
}
}
[root@lnmp nginx]# nginx -t
[root@lnmp nginx]# nginx -s reload
然后真机访问westos就会在197和143轮询。

5、nginx的安全维护

cache目录禁止用户访问，允许应用程序写入

upload目录允许用户上传，但不允许执行，防止挂马
[root@lnmp nginx]# cd html/
[root@lnmp html]# mkdir cache upload
[root@lnmp html]# chmod 777 cache/
[root@lnmp html]# chmod 777 upload/
[root@lnmp html]# vim upload/index.php
<?php
phpinfo()
?>
[root@lnmp html]# vim ../conf/nginx.conf写如下信息在php之前
        location ~ "^/cache"{
        return 403;
        }
访问http://192.168.0.142/chche就会提示403
如果不加
        location ~ "^/upload"{
        }
访问http://192.168.0.142/upload/index.php就会显示php信息
加上的话，就提示下载，不会运行。