目录
源码安装nginx
1.请准备1台Centos系统的服务器,并配置静态IP地址
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="0f002d87-e743-4195-abd1-69fe3cdfd721"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.194.130
NETMASK=255.255.255.0
GATEWAY=192.168.194.2
DNS1=8.8.8.8
DNS2=114.114.114.114
2.关闭iptables和SELinux,并测试yum可用
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# yum repolist
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.ustc.edu.cn
* extras: mirrors.ustc.edu.cn
* updates: mirrors.163.com
源标识 源名称 状态
base/7/x86_64 CentOS-7 - Base 10,070
extras/7/x86_64 CentOS-7 - Extras 413
updates/7/x86_64 CentOS-7 - Updates 1,134
repolist: 11,617
3.请将Nginx的源码包上传至Centos服务器上
上传nginx包
链接: https://pan.baidu.com/s/1B1jr9nhDgl2scdEhBeBVCg 提取码: 41m2 复制这段内容后打开百度网盘手机App,操作更方便哦
[root@localhost ~]# yum -y install gcc gcc-c++ pcre-devel zlib-devel openssl-devel
4.开始配置和安装,要求Nginx安装在 /usr/local/nginx 目录中
[root@localhost nginx-1.12.2]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module
[root@localhost ~]# make && make install
[root@localhost ~]# mkdir logs
[root@localhost ~]# touch logs/{error,access}.log #创建文件
[root@localhost nginx]# /usr/local/nginx/sbin/nginx -t #检测配置文件有无错误
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
5. 启动Nginx
[root@localhost ~]# /usr/local/nginx/sbin/nginx #绝对路径启动nginx
[root@localhost ~]# netstat -lptnu|grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3850/nginx: master
6. 创建软链接
[root@localhost ~]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@localhost ~]# nginx -s stop #停止nginx服务
[root@localhost ~]# nginx #可以直接执行Nginx启动
7. 在网页中访问自己安装的nginx服务器
Nginx默认网站
[root@localhost html]# pwd
/usr/local/nginx/html
[root@localhost html]# echo aaaaa > a/index.html
[root@localhost html]# elinks http://192.168.159.132/a --dump
aaaaa
访问控制
location / {
#根目录路径
root html;
#索引页
index index.html index.htm;
}
location /a { #定义需要控制的目录a 只允许本机访问a目录,其他机器拒绝
allow 192.168.159.132; #允许访问地址
deny all; #拒绝其他访问
#return 404; #返回404
#return http://www.baidu.com; #返回百度网站
}
[root@localhost html]# killall -s HUP nginx #重新加载和重载nginx效果一样
效果依次展示
[root@localhost ~]# elinks http://192.168.159.132/a --dump #只允许本机访问
aaaaa
其他拒绝效果
返回404效果
返回百度网站效果
Nginx登录验证
location / {
#根目录路径
root html;
#索引页
index index.html index.htm;
}
#目录用户验证:任何人都可以访问,但需凭用户密码才能访问
location /b { #定义需要控制的目录b
auth_basic "本人登录验证aaa";
auth_basic_user_file /etc/nginx/htpasswd;
}
[root@localhost ~]# mkdir /etc/nginx
[root@localhost ~]# htpasswd -c /etc/nginx/htpasswd sky
New password:
Re-type new password:
Adding password for user sky
输入用户名sky,密码123
日志管理
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#自定义日志wu
log_format wu '[$time_local] $remote_addr "$request" $status'
server {
listen 80;
server_name localhost;
#charset koi8-r;
#虚拟主机的访问日志路径 调用日志wu
access_log logs/host.access.log wu;
测试(json类似)
[root@localhost logs]# ssh root@192.168.159.132 #重新登录终端
root@192.168.159.132's password:
Last login: Sun Jul 31 23:07:55 2022 from 192.168.159.132
[root@localhost ~]# cd /usr/local/nginx/logs/
[root@localhost logs]# ls #查看是否生成日志文件host.access.log
access.log error.log host.access.log nginx.pid
[root@localhost logs]# tailf host.access.log #访问网页查看结果
[31/Jul/2022:23:12:26 +0800] 192.168.159.1 "GET / HTTP/1.1" 304sendfileon
[31/Jul/2022:23:12:35 +0800] 192.168.159.1 "GET /a/ HTTP/1.1" 302sendfileon
[31/Jul/2022:23:12:44 +0800] 192.168.159.1 "GET /b/ HTTP/1.1" 304sendfileon
防盗链
#请求头request headers中出现referers表示防盗入侵 blocked硬件防火墙 ayitula.com内网(第三方)
location /c {
#location ~* \.(png|gif|bmp)$ {
#有效referers
valid_referers none blocked *.ayitula.com;
#非法referers
if ($invalid_referer) {
return 403;
}
}
虚拟主机
基于IP
每个网站都需要1个IP
缺点:需要多个IP 公网:每个IP都需要花钱
[root@localhost conf]# ifconfig ens33:1 192.168.159.133 up #添加一个133子网卡
[root@localhost ~]# mkdir /usr/local/nginx/html/web01 #新建根目录web01
[root@localhost ~]# mkdir /usr/local/nginx/html/web02 #新建根目录web02
[root@localhost ~]# echo web01 > /usr/local/nginx/html/web01/index.html #创建索引页web01
[root@localhost ~]# echo web02 > /usr/local/nginx/html/web02/index.html #创建索引页web02
[root@localhost conf]# vim nginx.conf #修改配置文件
server {
listen 192.168.159.132:80;
location / {
root html/web01;
index index.html index.htm;
}
}
server {
listen 192.168.159.133:80;
location / {
root html/web02;
index index.html index.htm;
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -g /usr/local/nginx/conf/nginx.conf #测试配置文件是否正常
nginx: [emerg] unexpected end of parameter, expecting ";" in command line
[root@localhost ~]# killall nginx
[root@localhost ~]# /usr/local/nginx/sbin/nginx #启动nginx
[root@localhost ~]# lsof -i :80 #查看状态
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 1345 root 6u IPv4 24689 0t0 TCP localhost.localdomain:http (LISTEN)
nginx 1345 root 7u IPv4 24690 0t0 TCP localhost.localdomain:http (LISTEN)
nginx 1346 nobody 6u IPv4 24689 0t0 TCP localhost.localdomain:http (LISTEN)
nginx 1346 nobody 7u IPv4 24690 0t0 TCP localhost.localdomain:http (LISTEN)
[root@localhost ~]# netstat -nltp | grep nginx #查看状态
tcp 0 0 192.168.159.133:80 0.0.0.0:* LISTEN 1345/nginx: master
tcp 0 0 192.168.159.132:80 0.0.0.0:* LISTEN 1345/nginx: master
[root@localhost ~]# elinks http://192.168.159.132:80 --dump #测试web01
web01
[root@localhost ~]# elinks http://192.168.159.133:80 --dump #测试web02
web02
基于端口
只需要一个IP
缺点: 端口无法告诉公网用户(比如百度) 不适用于公网客户 只能用户内部用户(内网)
[root@localhost ~]# ifconfig ens33:1 192.168.159.133 down #删除子网卡
[root@localhost conf]# vim nginx.conf #修改配置文件
server {
listen 80;
location / {
root html/web01;
index index.html index.htm;
}
}
server {
listen 8080;
location / {
root html/web02;
index index.html index.htm;
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -g /usr/local/nginx/conf/nginx.conf #测试配置文件是否正常
nginx: [emerg] unexpected end of parameter, expecting ";" in command line
[root@localhost ~]# killall nginx
[root@localhost ~]# /usr/local/nginx/sbin/nginx
[root@localhost ~]# netstat -nltp | grep nginx
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1370/nginx: master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1370/nginx: master
[root@localhost ~]# elinks http://192.168.159.132 --dump #测试web01
web01
[root@localhost ~]# elinks http://192.168.159.132:8080 --dump #测试web02
web02
基于域名
一个网站必有一个域名
[root@localhost ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.159.132 www.123.com
192.168.159.132 www.456.com
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name www.123.com;
location / {
root html/web01;
index index.html index.htm;
}
}
server {
listen 80;
server_name www.456.com;
location / {
root html/web02;
index index.html index.htm;
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -g /usr/local/nginx/conf/nginx.conf #测试配置文件是否正常
nginx: [emerg] unexpected end of parameter, expecting ";" in command line
[root@localhost ~]# killall nginx
[root@localhost ~]# /usr/local/nginx/sbin/nginx
[root@localhost ~]# netstat -nltp | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1409/nginx: master
[root@localhost ~]# elinks http://www.123.com --dump #测试web01
web01
[root@localhost ~]# elinks http://www.456.com --dump #测试web02
web02