11月26日任务
12.6 Nginx安装
https://my.oschina.net/u/3964535/blog/2933878
12.7 默认虚拟主机
12.8 Nginx用户认证
12.9 Nginx域名重定向
配置nginx虚拟主机
- 修改nginx主配置文件
[root@localhost nginx-1.12.2]# vim /usr/local/nginx/conf/nginx.conf
# 删除原有的server语句块,替换为下面的代码
include vhost/*.conf;
- 创建并修改虚拟主机配置文件(默认虚拟主机)
[root@localhost nginx-1.12.2]# cd /usr/local/nginx/conf
[root@localhost conf]# mkdir vhost
[root@localhost conf]# cd vhost/
[root@localhost vhost]# vim aaa.com.conf
server
{
# 指定监听80端口,并将该虚拟主机设置为默认虚拟主机
listen 80 default_server;
# 设置服务器的名称
server_name aaa.com;
# 设置服务器默认网页
index index.html index.htm index.php;
# 设置服务器的根目录
root /data/www/default;
}
- 创建默认虚拟主机的根目录及默认页面
[root@localhost vhost]# mkdir -p /data/www/default
[root@localhost vhost]# cd /data/www/default/
[root@localhost default]# vim index.html
aaa.com
- 检测代码并重启服务
[root@localhost default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost default]# /usr/local/nginx/sbin/nginx -s reload
- 效果测试
[root@localhost default]# curl -x 127.0.0.1:80 aaa.com
aaa.com
# 由于是默认的虚拟主机,任何域名都可以显示默认网页信息
[root@localhost default]# curl -x 127.0.0.1:80 bbb.com
aaa.com
nginx用户认证
nginx中一个虚拟主机对于一个配置文件
- 创建新的虚拟主机配置文件
[root@localhost default]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
# 这个不是默认虚拟主机,default_server不需要配置
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/www/test.com;
# 添加下列代码
location /
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
- 创建test.com相关目录和文件
[root@localhost default]# mkdir /data/www/test.com
[root@localhost default]# vim /data/www/test.com/index.html
test.com
- 创建密码文件 由于用户认证密码文件需要使用apache的htpasswd命令生成,安装httpd,并创建用户
[root@localhost default]# yum install -y httpd
[root@localhost default]# htpasswd -c /usr/local/nginx/conf/htpasswd test
New password:
Re-type new password:
Adding password for user test
- 重启服务
[root@localhost default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost default]# /usr/local/nginx/sbin/nginx -s reload
- 测试效果
# 普通访问
[root@localhost default]# curl -x 127.0.0.1:80 test.com -I
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.2
Date: Sun, 31 Dec 2017 06:55:24 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
# 指定用户访问
[root@localhost default]# curl -x 127.0.0.1:80 -utest:1 test.com -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Sun, 31 Dec 2017 06:55:33 GMT
Content-Type: text/html
Content-Length: 8
Last-Modified: Sun, 31 Dec 2017 06:17:09 GMT
Connection: keep-alive
ETag: "5a4880e5-8"
Accept-Ranges: bytes
[root@localhost default]# curl -x 127.0.0.1:80 -utest:1 test.com
test.com
针对虚拟主机下的某个目录进行认证
- 修改代码 针对某个目录进行的认证,只需对上述的代码进行简单修改即可;
[root@localhost default]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/www/test.com;
# 修改location即可,其他都不变
location /admin/
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
- 重启服务
[root@localhost default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost default]# /usr/local/nginx/sbin/nginx -s reload
- 验证
# test.com可以访问
[root@localhost default]# curl -x 127.0.0.1:80 test.com
test.com
# test.com下的admin目录需要用户认证
[root@localhost default]# curl -x 127.0.0.1:80 test.com/admin/
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
针对虚拟主机下的某个文件(访问的URL)进行认证
*( 修改虚拟主机配置文件(使用~匹配文件)
[root@localhost default]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/www/test.com;
# 修改location即可,其他都不变,这里匹配admin.php只是对简单的表示
# 可以使用更复杂的正则来显示精准的文件认证
location ~ admin.php
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
- 重启服务
[root@localhost default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost default]# /usr/local/nginx/sbin/nginx -s reload
- 验证
[root@localhost default]# curl -x 127.0.0.1:80 test.com/admin.php<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
域名重定向
- 修改虚拟主机配置文件
[root@localhost default]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
# nginx可以配置多个主机名,apache只能使用ServerAlias来指定别名
server_name test.com test2.com;
index index.html index.htm index.php;
root /data/www/test.com;
# 在多个域名
# 判断host是否为test.com
if ($host != 'test.com') {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
}
- 重启服务
[root@localhost default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost default]# /usr/local/nginx/sbin/nginx -s reload
- 验证
[root@localhost default]# curl -x 127.0.0.1:80 test2.com/index.html
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[root@localhost default]# curl -x 127.0.0.1:80 test2.com/admin/index.html
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[root@localhost default]# curl -x 127.0.0.1:80 test3.com/index.html
aaa.com