1. 访问控制!!!
- 可以用在http, server, location, limit_except 上配置!!!
- 每一层级的配置都会被它下面的层级继承;但如果下层自己写了 allow/deny,则以下层的规则为准,不再继承上层的规则!
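- allow:设定允许哪台或哪些主机访问,多个参数间用空格隔开
- deny:设定禁止哪台或哪些主机访问,多个参数间用空格隔开
- 注意:按 nginx 官方语法,每条 allow/deny 指令只接受一个参数(单个地址、CIDR 网段、unix: 或 all);如果空格分隔多个主机的写法在 nginx -t 检查时报错,请把每个主机拆成单独的一条指令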
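1.1 测试!!! 拒绝本机的访问!(注意:deny 只写在 location /abc 里,而下面的 curl 请求的是 /,没有命中这个 location,所以返回的仍是欢迎页;要验证拒绝生效,应请求 192.168.160.150/abc,预期返回 403。)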
[root@localhost nginx-1.20.1]# vim /usr/local/nginx/conf/nginx.conf
# Access rule scoped to /abc only; requests for other URIs never reach it.
location /abc {
    # Refuse any client whose source address is 192.168.160.150 (answered
    # with 403 Forbidden).
    deny 192.168.160.150;

    # NOTE(review): "echo" is not a stock nginx directive; this presumably
    # relies on the third-party echo module being compiled in — confirm.
    echo "abc";
}
[root@localhost nginx-1.20.1]# nginx -s reload
[root@localhost nginx-1.20.1]# curl 192.168.160.150
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
1.2 先允许后拒绝为白名单,除了允许之外的都禁止!!
[root@localhost nginx-1.20.1]# vim /usr/local/nginx/conf/nginx.conf
# Allowlist for /linjunjie. Access rules are checked in the order written and
# the first match decides, so the allow line must stay above "deny all".
location /linjunjie {
    allow 192.168.160.150;   # the only client address let through
    deny  all;               # every other client is refused

    # NOTE(review): "echo" presumably comes from the third-party echo module
    # — confirm it is built in.
    echo "linjunjie";
}
[root@localhost nginx-1.20.1]# nginx -s reload
[root@localhost nginx-1.20.1]# curl 192.168.160.150/linjunjie
linjunjie
1.3 在http 上设置黑名单!!!!
[root@localhost nginx-1.20.1]# vim /usr/local/nginx/conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
deny 192.168.160.150;
[root@localhost nginx-1.20.1]# nginx -s reload
[root@localhost nginx-1.20.1]# curl 192.168.160.150
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
2. 用户认证!!
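2.1 用户认证也可以分别在 http,server,location 上配置!注意:Basic 认证的用户名和密码只做了 Base64 编码,在明文 HTTP 上可以被直接嗅探,生产环境应只在 HTTPS 下启用;htpasswd 的 -c 会新建(并覆盖已有的)密码文件,追加用户时不要带 -c;密码文件应放在站点根目录之外,并且只允许 nginx 工作进程的用户读取。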
[root@localhost conf]# yum -y install httpd-tools
[root@localhost nginx-1.20.1]# htpasswd -c -m /usr/local/nginx/conf/.user_auth laolin
New password:
Re-type new password:
Adding password for user laolin
[root@localhost nginx-1.20.1]# vim /usr/local/nginx/conf/nginx.conf
# Password-protect /test with HTTP Basic authentication.
location /test {
    # Realm string presented in the client's login prompt.
    auth_basic "test";

    # htpasswd-format credential file. Keep it outside the document root and
    # readable only by the nginx worker user.
    auth_basic_user_file /usr/local/nginx/conf/.user_auth;

    # NOTE(review): Basic credentials are only Base64-encoded on the wire, so
    # this location should be served over TLS — confirm the enclosing server
    # block listens with ssl.
    echo "linjunjie";
}
[root@localhost nginx]# nginx -s reload
2.2 在http上配置!!!!(这里的 .user_auth 是相对路径,应该是相对于 nginx 配置目录解析的;为避免歧义,建议像 2.1 那样写绝对路径。)
[root@localhost nginx]# vim /usr/local/nginx/conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
auth_basic "test";
auth_basic_user_file .user_auth;
[root@localhost nginx]# nginx -s reload
3. https 配置!!!(下面的片段应该是写在 http 块内部的,末尾多出的一个 } 是 http 块的结束括号。)
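# HTTPS virtual host for www.laolin.com.
server {
    listen       443 ssl;
    server_name  www.laolin.com;

    # Certificate chain and matching private key. The key file should be
    # readable by root only; the master process loads it at startup/reload.
    ssl_certificate      /usr/local/nginx/ssl/nginx.crt;
    ssl_certificate_key  /usr/local/nginx/ssl/nginx.key;

    # Set the protocol list explicitly: with no ssl_protocols line, nginx
    # 1.20.x falls back to its built-in default, which still offers TLSv1 and
    # TLSv1.1. TLSv1.3 only takes effect when nginx is built against
    # OpenSSL 1.1.1 or newer.
    ssl_protocols  TLSv1.2 TLSv1.3;

    # Session cache shared between worker processes (1 MB), with sessions
    # reusable for 5 minutes.
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    # Exclude anonymous (unauthenticated) and MD5-based suites, and let the
    # server's cipher order win over the client's.
    ssl_ciphers                HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   html;
        index  index.html index.htm;
    }
}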
}
[root@localhost nginx]# nginx -s reload
[root@localhost nginx]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*