Nginx虚拟主机
cd /usr/local/nginx/conf/
vim /usr/local/nginx/conf/nginx.conf
新增#include vhost/*.conf;
创建vhost目录,并新建aaa.com.conf默认虚拟主机配置内容;
[root@ying01 conf]# pwd
/usr/local/nginx/conf
[root@ying01 conf]# mkdir vhost //创建vhost目录
[root@ying01 conf]# cd vhost/
[root@ying01 vhost]# ls
[root@ying01 vhost]# vim aaa.com.conf
创建默认的网站目录
[root@ying01 vhost]# mkdir /data/wwwroot/default
[root@ying01 vhost]# cd /data/wwwroot/default/
[root@ying01 default]# vim index.html //建立index.html文件
检测语法,重新加载配置文件;测试相关网站;任意的域名,都会指向默认主机的网站名;
Nginx用户认证
创建用户;
由于nginx没有自带创建用户的工具,因此需要借助httpd工具;假如没有,则用此命令 yum install -y httpd;因为本机已经安装,因此直接执行;
/usr/local/apache2.4/bin/htpasswd -c /usr/local/nginx/conf/htpasswd ying
用户认证测试主机
curl -uying:www123 -x127.0.0.1:80 test.com -I
Nginx域名重定向
当我们站点有多个域名的时候,权重降低了,但是之前的域名已经被一部分人所依赖了,也不可能去通知大家新的站点,所以我们就会选择一个主域名其它的直接跳到主域名!
vim test.com.conf
以下为更改的配置内容…
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if (KaTeX parse error: Expected '}', got 'EOF' at end of input: … rewrite ^/(.*) http://test.com/$1 permanent; //永久跳转
}
}
Nginx日志
nginx日志的选项:
名词
释义
$remote_addr
客户端ip(公网ip)
$http_x_forwarded_for
代理服务器的ip
$time_local
服务器本地时间
$host
访问主机名(域名)
$request_uri
访问的url地址
$status
状态码
$http_referer
referer
$http_user_agent
user_agent
nginx日志的选项:
名词
释义
$remote_addr
客户端ip(公网ip)
$http_x_forwarded_for
代理服务器的ip
$time_local
服务器本地时间
$host
访问主机名(域名)
$request_uri
访问的url地址
$status
状态码
$http_referer
referer
$http_user_agent
user_agent
在nginx主配置文件定义日志的,其中combined_realip为日志的名称,这个名称可以自定义,比如这里自定义为 ying
vim …/nginx.conf
检测、加载配置后,进行测试;
在虚拟主机配置文件里,定义日志目录和格式、名称;
[root@ying01 vhost]# vim test.com.conf
以下为更改的配置内容…
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if (KaTeX parse error: Expected '}', got 'EOF' at end of input: … rewrite ^/(.*) http://test.com/$1 permanent;
}
access_log /tmp/test.com.log ying; //定义日志格式 和目录
}
检测、加载配置后,进行测试;
cat /tmp/test.com.log //查看生成的日志
由于Nginx不像Apache有自己的切割工具,在此我们需要写个脚本完成需求:
vim /usr/local/sbin/nginx_logrotate.sh
以下为脚本内容:
#! /bin/bash
d=date -d "-1 day" +%Y%m%d
logdir="/tmp/" //假设nginx的日志存放路径为/tmp/
nginx_pid="/usr/local/nginx/logs/nginx.pid"cd $logdirfor log in ls *.log
do
mv $log
l
o
g
−
log-
log−ddone
/bin/kill -HUP cat $nginx_pid
Nginx防盗链
防盗链代码,里面包含过期时间;
location ~* ^.*(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ {
expires 7d;
valid_referers none blocked server_names *.test.com;
if ($invalid_referer) {
return 403;
}
access_log off;
}
把此代码,放入虚拟主机配置中;
[root@ying01 ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if (KaTeX parse error: Expected '}', got 'EOF' at end of input: … rewrite ^/(.*) http://test.com/KaTeX parse error: Expected 'EOF', got '}' at position 14: 1 permanent; }̲ location ~* ^.… {
expires 7d; //包含过期时间
valid_referers none blocked server_names *.test.com; //定义白名单
if (KaTeX parse error: Expected 'EOF', got '}' at position 86: …ccess_log off; }̲ location ~ .*\…
{
#expires 12h;
access_log off;
}
access_log /tmp/test.com.log ying;
}
检查语句,并加载配置文件
[root@ying01 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@ying01 ~]# /usr/local/nginx/sbin/nginx -s reload
测试,针对有效referer和无效referer的对比;
[root@ying01 ~]# curl -e “http://www.qq.com/1.txt” -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 403 Forbidden //无效refer,返回403
Server: nginx/1.4.7
Date: Fri, 06 Jul 2018 00:48:58 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
root@ying01 ~]# curl -e “http://xx.test.com/1.txt” -x127.0.0.1:80 -I test.com/1.gif
HTTP/1.1 200 OK //白名单的refer
Server: nginx/1.4.7
Date: Fri, 06 Jul 2018 00:51:19 GMT
Content-Type: image/gif
Content-Length: 10
Last-Modified: Thu, 05 Jul 2018 15:29:40 GMT
Connection: keep-alive
ETag: “5b3e3964-a”
Expires: Fri, 13 Jul 2018 00:51:19 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
Nginx访问控制
为了提高安全性,我们需要将某些页面加密处理!
[root@ying01 ~]# !vim
vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if (KaTeX parse error: Expected '}', got 'EOF' at end of input: … rewrite ^/(.*) http://test.com/KaTeX parse error: Expected 'EOF', got '}' at position 14: 1 permanent; }̲ location ~* ^.… {
expires 7d;
valid_referers none blocked server_names *.test.com;
if (KaTeX parse error: Expected 'EOF', got '}' at position 50: …ccess_log off; }̲ location ~ .*\…
{
#expires 12h;
access_log off;
}
location /admin/
{
#allow 127.0.0.1; //注意不执行,可以测试的时候做对比
allow 192.168.72.130;
deny all;
}
access_log /tmp/test.com.log ying;
}
Nginx解析php相关配置
vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com test2.com test3.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if (KaTeX parse error: Expected '}', got 'EOF' at end of input: … rewrite ^/(.*) http://test.com/KaTeX parse error: Expected 'EOF', got '}' at position 14: 1 permanent; }̲ location ~* ^.… {
expires 7d;
valid_referers none blocked server_names *.test.com;
if (KaTeX parse error: Expected 'EOF', got '}' at position 50: …ccess_log off; }̲ location ~ .*\…
{
expires 12h;
access_log off;
}
location /admin/
{
#allow 127.0.0.1;
allow 192.168.72.130;
deny all;
}
location ~ .(upload|image)/..php$
{
deny all;
}
if (KaTeX parse error: Can't use function '\.' in math mode at position 77: …; } location ~ \̲.̲php
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name;
}
access_log /tmp/test.com.log ying;
}
Nginx代理
Nginx代理是一种反向代理。反向代理(Reverse Proxy)方式是指以代理服务器来接受Internet上的连接请求,然后将请求转发给内部网络上的服务器;并将从服务器上得到的结果返回给Internet上请求连接的客户端,此时代理服务器对外就表现为一个服务器。
创建proxy.conf配置文件,写入以下代码;
cd /usr/local/nginx/conf/vhost
vim proxy.conf
server
{
listen 80;
server_name ask.apelearn.com;
location /
{
proxy_pass http://47.104.7.242/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
1498
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
