nginx配置文件
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了nginx配置文件相关的知识,希望对你有一定的参考价值。
1.访问控制
vim /usr/local/nginx/conf/nginx.conf
location / {
root html;
index index.html index.htm;
allow 192.168.56.1; //添加此行
deny all; //添加此行
}
location / {
root html;
index index.html index.htm;
deny 192.168.56.1; //修改此行
allow all; //修改此行
}
2.基于用户认证
[[email protected] ~]# yum provides htpasswd
[[email protected] ~]# yum install httpd-tools -y
[[email protected] ~]# cd /usr/local/nginx/
[[email protected] nginx]# mkdir auth
这里的密码为加密后的密码串,建议用htpasswd来创建此文件
[[email protected] ~]# htpasswd -c -m /usr/local/nginx/auth/.user_auth_file ranran
New password:
Re-type new password:
user_auth_file内容格式为:username:password
[[email protected] ~]# cat /usr/local/nginx/auth/.user_auth_file
ranran:$apr1$U4iGIk.V$/OqSCBKpXLLOG39cZvQwy.
auth_basic "欢迎信息";
auth_basic_user_file "/path/to/user_auth_file"
编辑配置文件:
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf
location / {
root html;
index index.html index.htm;
auth_basic "i love you,ran"; //添加此行
auth_basic_user_file /usr/local/nginx/auth/.user_auth_file; //添加此行
}
输入ip192.168.56.12访问
//用设置的用户名,密码登录
3.https配置
openssl实现私有CA
CA的配置文件:/etc/pki/tls/openssl.cnf
a)CA生成一对密钥
[[email protected] ~]# cd /etc/pki/CA
[[email protected] CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) //生成密钥,括号必须要
Generating RSA private key, 2048 bit long modulus
................................................................................................................+++
..................+++
e is 65537 (0x10001)
[[email protected] CA]# openssl rsa -in private/cakey.pem -pubout //提取公钥
writing RSA key
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz89y+Qh4cK+YSCZJd7Mc
LnLkBgHGy4HKdwMHHoCfBi+EE9LEMF3WqQp8Q0BEsqNDknUVyK2Owg+sVFvdwgBF
nCz2zRN9Hp8r29ysZ6EUVCiVWj1ka5byMUxwEPJA1dt8F+o6qaYaBXe5JAzA9OoK
OdtN6oc1yLGwdpxSNpJkCGZnam9Xl/PTuhLt0z1LCsz+wGhVMX8kEg1tSXbUEMMK
Bfd7kaNKMUHh7lohNMZ25+4YxOJIjrvB3sc+hFuZMTI93ip4qPHoqaNkSQIq/cvJ
e08XYbjrwz1Y414g+LbbFzYtcC1asNreCUTHWiX3IivTuL/ScqKrAH5VxWCALwVn
dQIDAQAB
-----END PUBLIC KEY-----
b)CA生成自签署证书
//生成证书
[[email protected] CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
//读取证书内容
[[email protected] CA]# openssl x509 -text -in cacert.pem
[[email protected] CA]# mkdir certs newcerts crl
[[email protected] CA]# touch index.txt && echo 01 > serial
c)客户端(例如nginx服务器)生成密钥
[[email protected] ~]# cd /usr/local/nginx && mkdir ssl && cd ssl
[[email protected] ssl]# (umask 077;openssl genrsa -out nginx.key 2048)
d)客户端生成证书签署请求
[[email protected] ssl]# openssl req -new -key nginx.key -days 365 -out nginx.csr
[[email protected] ssl]# openssl ca -in ./nginx.csr -out nginx.crt -days 365
Certificate is to be certified until Sep 2 18:20:40 2019 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
//编辑配置文件
[[email protected] ~]# vi /usr/local/nginx/conf/nginx.conf
server {
listen 443 ssl;
server_name www.ranran520.com; //编辑此处,用域名
ssl_certificate /usr/local/nginx/ssl/nginx.crt; //编辑此处
ssl_certificate_key /usr/local/nginx/ssl/nginx.key; 编辑此处
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
[[email protected] ~]# nginx -t //检查是否有语法错误
[[email protected] ~]# nginx -s reload //重新加载配置文件
修改C:WindowsSystem32driversetc下面的hosts文件,添加域名映射,可实现域名访问
192.168.56.12 www.ranran520.com
4.开启状态界面‘
开启status
location /status {
stub_status on;
allow 192.168.56.1;
deny all;
}
5.rewrite
[[email protected] ~]# cd /usr/local/nginx/
[[email protected] nginx]# cd html/
[[email protected] html]# mkdir images
//传张图片到images目录下,用于验证
[[email protected] images]# ls
1.jpg
//修改配置文件,
location / {
root html;
index index.html index.htm;
}
//添加以下内容
location /images {
root html;
index index.html;
}
//访问
//将images目录重命名
[[email protected] html]# ls
50x.html images index.html
[[email protected] html]# mv images imgs
[[email protected] html]# ls
50x.html imgs index.html
//修改配置文件
location /images {
root html;
index index.html;
rewrite ^/images/(.*.jpg)$ /imgs/$1 break; //添加此行,将原先images的内容赋予imgs
}
//用原先的url访问
rewrite ^/images/(.*.jpg)$ http://www.baidu.com;
//将原先的images链接到百度,用192.168.56.12/images/1.jpg访问
以上是关于nginx配置文件的主要内容,如果未能解决你的问题,请参考以下文章
Nginx——Nginx启动报错Job for nginx.service failed because the control process exited with error code(代码片段