Linux中nginx配置
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Linux中nginx配置相关的知识,希望对你有一定的参考价值。
6.10访问控制
用于location段
allow:设定允许哪台或那些主机访问,多个参数间用空格隔开
deny:设定禁止哪台或那些主机访问,多个参数间用空格隔开
实例:
//允许这个IP访问
//添加以下模块
location / {
root html;
index index.html index.htm;
allow 192.168.209.1;
deny all;
}
//禁止这个IP访问
location / {
root html;
index index.html index.htm;
deny 192.168.209.1;
allow all;
}
6.11 基于用户认证
[[email protected] ~]# mkdir /usr/local/nginx/auth
[[email protected] ~]# yum provides *bin/htpasswd
[[email protected] ~]# yum install -y httpd-tools
[[email protected] ~]# htpasswd -c -m /usr/local/nginx/auth/.user_auth_file lan
New password: //设置密码
Re-type new password:
Adding password for user lan
[[email protected] ~]# cat /usr/local/nginx/auth/.user_auth_file
lan:$apr1$4vbJXU8y$zpEH2Jf5syQhaN7GBrAlO0
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
//添加以下模块
location / {
root html;
index index.html index.htm;
auth_basic "I Love china";
auth_basic_user_file ../auth/.user_auth_file;
}
6.12 https配置
生成私钥,生成证书签署请求并获得证书,然后在nginx.conf中配置如下内容:
openssl实现私有CA:
CA的配置文件:/etc/pki/tls/openssl.cnf
①CA生成一对密钥
[[email protected] ~]# cd /etc/pki/CA/
[[email protected] CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) #生成秘钥
[[email protected] CA]# openssl rsa -in private/cakey.pem -pubout #提取公钥
②CA生成自签署证书
[[email protected] CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 #生成自签署证
[[email protected] CA]# openssl x509 -text -in cacert.pem #读出cacert.pem证书的内容
[[email protected] CA]# mkdir certs newcerts crl
[[email protected] CA]# touch index.txt && echo 01 > serial
③客户端(例如httpd服务器)生成秘钥
[[email protected] nginx]# mkdir ssl
[[email protected] nginx]# cd ssl/
[[email protected] ssl]# (umask 077;openssl genrsa -out nginx.key 2048)
[[email protected] ssl]# ls
nginx.key
④客户端生成证书签署请求
[[email protected] ssl]# openssl req -new -key nginx.key -days 365 -out nginx.csr
[[email protected] ssl]# ls
nginx.csr nginx.key #公钥私钥
⑤客户端把证书签署请求文件发送给CA
scp httpd.csr [email protected]端IP:/root
⑥CA签署客户端提交上来的证书
[[email protected] ssl]# openssl ca -in ./nginx.csr -out nginx.crt -days 365
[[email protected] ssl]# ls
nginx.crt nginx.csr nginx.key
⑦CA把签署好的证书httpd.crt发给客户端
scp httpd.crt [email protected]客户端IP:/etc/httpd/ssl/
8.6.13开启状态界面
[[email protected] conf]# vim nginx.conf
//添加以下模块
location /status {
stub_status on;
allow 192.168.209.1;
deny all;
}
6.14 rewrite(模块的作用是用来执行url重定向)
语法: rewrite regex replacement flag; 如: rewrite ^/images/(.*.jpeg)$ /imgs/$1 break;
此处的$1用于引用(.*.jpeg)匹配到的内容,又如: rewrite ^/bbs/(.*)$ http://www.baidu.com/index.html redirect
[[email protected] ~]# cd /usr/local/nginx/html
[[email protected] html]# mkdir images
[[email protected] html]# cd images/
[[email protected] images]# ls
timg.jpeg #此处添加一张图片
[[email protected] conf]# vim nginx.conf
//添加以下模块
location /images {
root html;
index index.html;
}
[[email protected] conf]# nginx -t
[[email protected] conf]# nginx -s reload
语法: rewrite regex replacement flag; 如: rewrite ^/images/(.*.jpeg)$ /imgs/$1 break;
********重命令images改为imgs,客户访问以前怎么访问的现在还是怎么访问的,重定向url**************
[[email protected] nginx]# cd html/
[[email protected] html]# mv images imgs
[[email protected] html]# ls
50x.html imgs index.html
[[email protected] conf]# vim nginx.conf
//添加一下模块
location /images {
root html;
index index.html;
rewrite ^/images/(.*.jpeg)$ /imgs/$1 break;
}
[[email protected] conf]# nginx -t
[[email protected] conf]# nginx -s reload
此处的$1用于引用(.*.jpeg)匹配到的内容,又如: rewrite ^/bbs/(.*)$ http://www.baidu.com/index.html redirect;
[[email protected] conf]# vim nginx.conf
//添加以下模块
location /images {
root html;
index index.html;
rewrite ^/images/(.*.jpeg)$ http://www.baidu.com redirect;
}
[[email protected] conf]# nginx -t
[[email protected] conf]# nginx -s reload
以上是关于Linux中nginx配置的主要内容,如果未能解决你的问题,请参考以下文章
Nginx——Nginx启动报错Job for nginx.service failed because the control process exited with error code(代码片段