Nginx搭建,访问控制
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Nginx搭建,访问控制相关的知识,希望对你有一定的参考价值。
一、nginx
1.优点
1)多并发数:30000 - 50000
2)网易、腾讯等
3)新闻、论坛等
4)静态网页
5)轻量级
6)nginx+tomcat:负载均衡
Apache:模块化设计
特点:
1)多并发数:30000-50000
2)模块较少(缓存、群集)
3)轻量化(工作模式event)
二、Nginx
源代码
1.安装软件包
1)rm -rf /etc/yum.repos.d/*
2)vim /etc/yum.repos.d/local.repo
[name]
name=local
baseurl=file:///mnt
gpgcheck=0
enable=1
3)yum -y install lrzsz //安装软件包,支持鼠标上传文件
4)yum -y install pcre-devel //支持地址重写功能(防盗链)
5)useradd -M -s /sbin/nologin nginx //新建运行用户
6)tar -zxvf nginx-1.6.0.tar.gz -C /usr/src/ //解压nginx源码包
7)cd /usr/src/nginx-1.6.0/ //进入nginx源码解压目录
8)./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
详解:
--user:指定运行用户
--group:指定运行组
--with-http_stub_status_module:启用状态统计模块支持
8)make && make install
2.修改配置文件
vim /usr/local/nginx/conf/nginx.conf //编辑nginx主配置文件
user nobody nginx; //指定Nginx运行用户和组
worker_processes 1; //启动进程数(根据物理CPU个数设置)
error_log logs/error.log info; //定义错误日志,记录级别为info(信息)
pid logs/nginx.pid; //指定PID文件(存储程序进程号)位置
events {
use epoll; //使用epoll网络I/O模型,优化Nginx
worker_connections 1024; //每个工作进程允许最大的同时连接数
}
http {
include mime.types;
//额外加载该文件(mime.types内定义各文件类型映像,如image/png png;png格式文件为图片类型;主要用于识别文件类型,什么类型使浏览器用什么方式呈现)
default_type application/octet-stream; //默认响应为文件流
access_log logs/access.log main; //指定所有站点访问日志存放路径
sendfile on; //打开系统函数sendfile()提高性能
tcp_nopush on; //sendfile开启后才生效,调用tcp_cork方法
#keepalive_timeout 0;
keepalive_timeout 65; //会话保持时间,指定时间内客户端无访问请求,断开连接,需连接时重新请求
gzip on; //网页压缩
server {
listen 80; //定义服务器监听端口
server_name localhost; //定义服务器名及监听IP
charset utf-8; //网站的字符编码
access_log logs/host.access.log main; //指定当前站点访问日志存放路径
location / { ////匹配客户端所有请求,执行如下操作
root html; //网页存放目录
index index.html index.htm; //Nginx首页支持页面
}
error_page 500 502 503 504 /50x.html;
location = /50x.html { //错误页面
}
}
}
3.启动服务
1)ln -s /usr/local/nginx/sbin/* /usr/local/sbin/ 或echo "PATH=$PATH:/usr/local/nginx/sbin/" >>/etc/profile && source /etc/profile
//将命令做软链接或加入到PATH环境变量,方便命令执行
2)vim /etc/init.d/nginx
#!/bin/bash
chkconfig: - 99 20
description: Nginx Server Control Script
NP="/usr/local/nginx/sbin/nginx"
NPF="/usr/local/nginx/logs/nginx.pid"
case "$1" in
start)
$NP;
if [ $? -eq 0 ]
then
echo "nginx is starting!! "
fi
;;
stop)
kill -s QUIT $(cat $NPF)
if [ $? -eq 0 ]
then
echo "nginx is stopping!! "
fi
;;
restart)
$0 stop
$0 start
;;
reload)
kill -s HUP $(cat $NPF)
if [ $? -eq 0 ]
then
echo "nginx config file is reload! "
fi
;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac
exit 0
3)chmod +x /etc/init.d/nginx
4)/etc/init.d/nginx start && chkconfig --level 35 nginx on
5)nginx -t //检查配置文件是否有误
4.增加状态统计支持
1)vim /usr/local/nginx/conf/nginx.conf
location /status { //在server下添加如下行
stub_status on;
access_log off;
}
2)/etc/init.d/nginx restart
5.aws状态统计页面
1)awstats部署
tar -zxvf awstats-7.3.tar.gz //解压
mv awstats-7.3 /usr/local/awstats //移动并重命名为/usr/local/awstats目录
chown -R root:root /usr/local/awstats //设置目录所有者及所有组为root用户
chmod -R 755 /usr/local/awstats/ //给予所有者完整权限
chmod +x /usr/local/awstats/tools/*.pl //给予所有以.pl结尾的文件所有人拥有执行权限
chmod +x /usr/local/awstats/wwwroot/cgi-bin/*.pl //给予所有以.pl结尾的文件所有人拥有执行权限
2)awstats配置
cd /usr/local/awstats/tools/
./awstats_configure.pl //生成配置文件及目录(y-->none-->y-->主机名-->回车-->回车)
vim /etc/awstats/awstats.www.xueluo.org.conf //编辑生成的配置文件
50 LogFile="/usr/local/nginx/logs/access.log" //修改Nginx访问日志路径
mkdir /var/lib/awstats //创建图表存放目录
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl --update --config=www.xueluo.org //根据日志生成图表
3)生成html静态页面
mkdir /usr/local/nginx/html/awstats //创建静态页面存放目录
./awstats_buildstaticpages.pl --update --config=www.xueluo.org --lang=cn --dir=/usr/local/nginx/html/awstats/
//根据配置文件生成中文的html静态文件到/usr/local/nginx/html/awstats/
vim /usr/local/nginx/conf/nginx.conf
39 location ~ ^/awstats {
40 root /usr/local/nginx/html/awstats;
41 index index.html;
42 }
43
44 location ~ ^/icon|/css|/js|/classess {
45 root /usr/local/awstats/wwwroot/;
46 }
crontab -e //新建计划任务,每隔5分钟生成图表并转换为html文件
*/5 * * * * /usr/local/awstats/wwwroot/cgi-bin/awstats.pl --update --config=www.xueluo.org && /usr/local/awstats/tools/awstats_buildstaticpages.pl --update --config=www.xueluo.org --lang=cn --dir=/usr/local/nginx/html/awstats/
4)访问
http://IP/awstats.www.xueluo.org.html
一、访问控制
1.生成密码认证文件(htpasswd) yum -y install httpd-tools
1)rm -rf /etc/yum.repos.d/*
2)vim /etc/yum.repos.d/local.repo
[local]
name=local
baseurl=file:///mnt
gpgcheck=0
3)mount /dev/cdrom /mnt
4)yum -y install httpd-tools
5)htpasswd -c /usr/local/nginx/conf/.hehe hehe
6)chown nginx /usr/local/nginx/conf/.hehe && chmod 400 /usr/local/nginx/conf/.hehe
2.修改配置文件,添加认证选项
1)vim /usr/local/nginx/conf/nginx.conf
location /status { //Server配置项下增加
stub_status on;
access_log off;
auth_basic "secret"; //基本认证
auth_basic_user_file /usr/local/nginx/conf/.hehe; //指定用户认证配置文件路径
}
3.重启服务,测试
1)/etc/init.d/nginx restart
二、虚拟主机
1.实现方式
1)基于域名:不同域名、相同IP、相同端口
2)基于IP:不同域名、不同IP、相同端口
3)基于端口:不同域名、不同IP、不同端口
三、基于域名
1.DNS搭建
1)安装bind软件包
rm -rf /etc/yum.repos.d/*
vim /etc/yum.repos.d/local.repo
[local]
name=local
baseurl=file:///mnt
gpgcheck=0
mount /dev/cdrom /mnt
yum -y install bind bind-utils
2)编辑配置文件
vim /etc/named.conf
options {
listen-on port 53 { 192.168.1.10; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursion yes;
dnssec-enable no;
dnssec-validation no;
}
zone "xueluo.org" IN {
type master;
file "xueluo.org.zone";
};
cp /var/named/named.empty /var/named/xueluo.org.zone
vim /var/named/xueluo.org.zone
$TTL 86400
@ IN SOA xueluo.org. root.xueluo.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns.xueluo.org.
ns IN A 192.168.1.10
www IN A 192.168.1.10
image IN A 192.168.1.10
3)启动服务并测试
chown named:named /var/named/xueluo.org.zone
/etc/init.d/named restart
2.编辑nginx配置文件
1)vim /usr/local/nginx/conf/nginx.conf
111 server {
112 listen 80;
113 server_name www.xueluo.org;
114
115 location / {
116 root /usr/local/nginx/html/www;
117 index index.html;
118 }
119 }
121 server {
122 listen 80;
123 server_name image.xueluo.org;
124
125 location / {
126 root /usr/local/nginx/html/image;
127 index index.html;
128 }
129 }
2)mkdir /usr/local/nginx/html/www && mkdir /usr/local/nginx/html/image
3)echo "www is www" >/usr/local/nginx/html/www/index.html
4)echo "image is image" >/usr/local/nginx/html/image/index.html
3.启动服务
1)nginx -t //验证配置文件是否有误
2)/etc/init.d/nginx restart
四、基于IP
1.DNS搭建
1)安装bind软件包
rm -rf /etc/yum.repos.d/*
vim /etc/yum.repos.d/local.repo
[local]
name=local
baseurl=file:///mnt
gpgcheck=0
mount /dev/cdrom /mnt
yum -y install bind bind-chroot bind-utils
2)编辑配置文件
vim /etc/named.conf
options {
listen-on port 53 { 192.168.1.10; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursion yes;
dnssec-enable no;
dnssec-validation no;
}
zone "xueluo.org" IN {
type master;
file "xueluo.org.zone";
};
cp /var/named/named.empty /var/named/xueluo.org.zone
vim /var/named/xueluo.org.zone
$TTL 86400
@ IN SOA xueluo.org. root.xueluo.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns.xueluo.org.
ns IN A 192.168.1.10
www IN A 192.168.1.10
image IN A 192.168.1.11
3)启动服务并测试
ifconfig eth0:0 192.168.1.11
chown named:named /var/named/xueluo.org.zone
/etc/init.d/named restart
nslookup www.xueluo.org && nslookup image.xueluo.org
2.编辑nginx配置文件
1)vim /usr/local/nginx/conf/nginx.conf
36 listen 81; //将默认监听端口换位81
111 server {
112 listen 192.168.1.10:80;
113 server_name www.xueluo.org;
114
115 location / {
116 root /usr/local/nginx/html/www;
117 index index.html;
118 }
119 }
121 server {
122 listen 192.168.1.20:80;
123 server_name image.xueluo.org;
124
125 location / {
126 root /usr/local/nginx/html/image;
127 index index.html;
128 }
129 }
2)mkdir /usr/local/nginx/html/www && mkdir /usr/local/nginx/html/image
3)echo "www is www" >/usr/local/nginx/html/www/index.html
4)echo "image is image" >/usr/local/nginx/html/image/index.html
3.启动服务
1)nginx -t //验证配置文件是否有误
2)/etc/init.d/nginx restart
五、基于端口
1.DNS搭建
1)安装bind软件包
rm -rf /etc/yum.repos.d/*
vim /etc/yum.repos.d/local.repo
[local]
name=local
baseurl=file:///mnt
gpgcheck=0
mount /dev/cdrom /mnt
yum -y install bind bind-chroot bind-utils
2)编辑配置文件
vim /etc/named.conf
options {
listen-on port 53 { 192.168.1.10; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursion yes;
dnssec-enable no;
dnssec-validation no;
}
zone "xueluo.org" IN {
type master;
file "xueluo.org.zone";
};
cp /var/named/named.empty /var/named/xueluo.org.zone
vim /var/named/xueluo.org.zone
$TTL 86400
@ IN SOA xueluo.org. root.xueluo.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns.xueluo.org.
ns IN A 192.168.1.10
www IN A 192.168.1.10
image IN A 192.168.1.11
3)启动服务并测试
ifconfig eth0:0 192.168.1.11
chown named:named /var/named/xueluo.org.zone
/etc/init.d/named restart
nslookup www.xueluo.org && nslookup image.xueluo.org
2.编辑nginx配置文件
1)vim /usr/local/nginx/conf/nginx.conf
36 listen 81; //将默认监听端口换位81
111 server {
112 listen 192.168.1.10:82;
113 server_name www.xueluo.org;
114
115 location / {
116 root /usr/local/nginx/html/www;
117 index index.html;
118 }
119 }
121 server {
122 listen 192.168.1.20:83;
123 server_name image.xueluo.org;
124
125 location / {
126 root /usr/local/nginx/html/image;
127 index index.html;
128 }
129 }
2)mkdir /usr/local/nginx/html/www && mkdir /usr/local/nginx/html/image
3)echo "www is www" >/usr/local/nginx/html/www/index.html
4)echo "image is image" >/usr/local/nginx/html/image/index.html
3.启动服务
1)nginx -t //验证配置文件是否有误
2)/etc/init.d/nginx restart
以上是关于Nginx搭建,访问控制的主要内容,如果未能解决你的问题,请参考以下文章