Nginx搭建,访问控制

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Nginx搭建,访问控制相关的知识,希望对你有一定的参考价值。

一、nginx

1.优点

1)多并发数:30000 - 50000

2)网易、腾讯等

3)新闻、论坛等

4)静态网页

5)轻量级

6)nginx+tomcat:负载均衡

Apache:模块化设计

特点:

1)多并发数:30000-50000

2)模块较少(缓存、群集)

3)轻量化(工作模式event)

二、Nginx

源代码

1.安装软件包

1)rm -rf /etc/yum.repos.d/*

2)vim /etc/yum.repos.d/local.repo

[name]
name=local
baseurl=file:///mnt
gpgcheck=0
enable=1

3)yum -y install lrzsz //安装软件包,支持鼠标上传文件

4)yum -y install pcre-devel //支持地址重写功能(防盗链)

5)useradd -M -s /sbin/nologin nginx //新建运行用户

6)tar -zxvf nginx-1.6.0.tar.gz -C /usr/src/ //解压nginx源码包

7)cd /usr/src/nginx-1.6.0/ //进入nginx源码解压目录

8)./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module

详解:

--user:指定运行用户

--group:指定运行组

--with-http_stub_status_module:启用状态统计模块支持

8)make && make install

2.修改配置文件

vim /usr/local/nginx/conf/nginx.conf //编辑nginx主配置文件

user nobody nginx; //指定Nginx运行用户和组
worker_processes 1; //启动进程数(根据物理CPU个数设置)
error_log logs/error.log info; //定义错误日志,记录级别为info(信息)

pid logs/nginx.pid; //指定PID文件(存储程序进程号)位置

events {
use epoll; //使用epoll网络I/O模型,优化Nginx
worker_connections 1024; //每个工作进程允许最大的同时连接数
}

http {
include mime.types;

//额外加载该文件(mime.types内定义各文件类型映像,如image/png png;png格式文件为图片类型;主要用于识别文件类型,什么类型使浏览器用什么方式呈现)

default_type  application/octet-stream; //默认响应为文件流

access_log  logs/access.log  main;          //指定所有站点访问日志存放路径

sendfile        on;                 //打开系统函数sendfile()提高性能
tcp_nopush     on;                  //sendfile开启后才生效,调用tcp_cork方法
#keepalive_timeout  0;
keepalive_timeout  65;              //会话保持时间,指定时间内客户端无访问请求,断开连接,需连接时重新请求

gzip  on;                       //网页压缩

server {
    listen       80;                    //定义服务器监听端口
    server_name  localhost;                 //定义服务器名及监听IP

    charset utf-8;                  //网站的字符编码

    access_log  logs/host.access.log  main;     //指定当前站点访问日志存放路径
    location / {                        ////匹配客户端所有请求,执行如下操作
        root   html;                    //网页存放目录
        index  index.html index.htm;            //Nginx首页支持页面
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {                  //错误页面

    }

}

}

3.启动服务

1)ln -s /usr/local/nginx/sbin/* /usr/local/sbin/ 或echo "PATH=$PATH:/usr/local/nginx/sbin/" >>/etc/profile && source /etc/profile

//将命令做软链接或加入到PATH环境变量,方便命令执行

2)vim /etc/init.d/nginx

#!/bin/bash

chkconfig: - 99 20

description: Nginx Server Control Script

NP="/usr/local/nginx/sbin/nginx"
NPF="/usr/local/nginx/logs/nginx.pid"
case "$1" in
start)
$NP;
if [ $? -eq 0 ]
then
echo "nginx is starting!! "
fi
;;
stop)
kill -s QUIT $(cat $NPF)
if [ $? -eq 0 ]
then
echo "nginx is stopping!! "
fi
;;
restart)
$0 stop
$0 start
;;
reload)
kill -s HUP $(cat $NPF)
if [ $? -eq 0 ]
then
echo "nginx config file is reload! "
fi
;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac
exit 0

3)chmod +x /etc/init.d/nginx

4)/etc/init.d/nginx start && chkconfig --level 35 nginx on

5)nginx -t //检查配置文件是否有误

4.增加状态统计支持

1)vim /usr/local/nginx/conf/nginx.conf

location  /status {         //在server下添加如下行
    stub_status on;
    access_log off;
}

2)/etc/init.d/nginx restart

3)http://192.168.1.10/status

5.aws状态统计页面

1)awstats部署

tar -zxvf awstats-7.3.tar.gz //解压

mv awstats-7.3 /usr/local/awstats //移动并重命名为/usr/local/awstats目录

chown -R root:root /usr/local/awstats //设置目录所有者及所有组为root用户

chmod -R 755 /usr/local/awstats/ //给予所有者完整权限

chmod +x /usr/local/awstats/tools/*.pl //给予所有以.pl结尾的文件所有人拥有执行权限

chmod +x /usr/local/awstats/wwwroot/cgi-bin/*.pl //给予所有以.pl结尾的文件所有人拥有执行权限

2)awstats配置

cd /usr/local/awstats/tools/

./awstats_configure.pl //生成配置文件及目录(y-->none-->y-->主机名-->回车-->回车)

vim /etc/awstats/awstats.www.xueluo.org.conf //编辑生成的配置文件

50 LogFile="/usr/local/nginx/logs/access.log" //修改Nginx访问日志路径

mkdir /var/lib/awstats //创建图表存放目录

/usr/local/awstats/wwwroot/cgi-bin/awstats.pl --update --config=www.xueluo.org //根据日志生成图表

3)生成html静态页面

mkdir /usr/local/nginx/html/awstats //创建静态页面存放目录

./awstats_buildstaticpages.pl --update --config=www.xueluo.org --lang=cn --dir=/usr/local/nginx/html/awstats/

//根据配置文件生成中文的html静态文件到/usr/local/nginx/html/awstats/

vim /usr/local/nginx/conf/nginx.conf

39 location ~ ^/awstats {
40 root /usr/local/nginx/html/awstats;
41 index index.html;
42 }
43
44 location ~ ^/icon|/css|/js|/classess {
45 root /usr/local/awstats/wwwroot/;
46 }

crontab -e //新建计划任务,每隔5分钟生成图表并转换为html文件

*/5 * * * * /usr/local/awstats/wwwroot/cgi-bin/awstats.pl --update --config=www.xueluo.org && /usr/local/awstats/tools/awstats_buildstaticpages.pl --update --config=www.xueluo.org --lang=cn --dir=/usr/local/nginx/html/awstats/  

4)访问

http://IP/awstats.www.xueluo.org.html
一、访问控制

1.生成密码认证文件(htpasswd) yum -y install httpd-tools

1)rm -rf /etc/yum.repos.d/*

2)vim /etc/yum.repos.d/local.repo

[local]
name=local
baseurl=file:///mnt
gpgcheck=0

3)mount /dev/cdrom /mnt

4)yum -y install httpd-tools

5)htpasswd -c /usr/local/nginx/conf/.hehe hehe

6)chown nginx /usr/local/nginx/conf/.hehe && chmod 400 /usr/local/nginx/conf/.hehe

2.修改配置文件,添加认证选项

1)vim /usr/local/nginx/conf/nginx.conf

location /status { //Server配置项下增加
stub_status on;
access_log off;
auth_basic "secret"; //基本认证
auth_basic_user_file /usr/local/nginx/conf/.hehe; //指定用户认证配置文件路径
}

3.重启服务,测试

1)/etc/init.d/nginx restart

二、虚拟主机

1.实现方式

1)基于域名:不同域名、相同IP、相同端口

2)基于IP:不同域名、不同IP、相同端口

3)基于端口:不同域名、不同IP、不同端口

三、基于域名

1.DNS搭建

1)安装bind软件包

rm -rf /etc/yum.repos.d/*

vim /etc/yum.repos.d/local.repo

[local]
name=local
baseurl=file:///mnt
gpgcheck=0

mount /dev/cdrom /mnt

yum -y install bind bind-utils

2)编辑配置文件

vim /etc/named.conf

options {
listen-on port 53 { 192.168.1.10; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursion yes;

dnssec-enable no;
dnssec-validation no;

}

zone "xueluo.org" IN {
type master;
file "xueluo.org.zone";
};

cp /var/named/named.empty /var/named/xueluo.org.zone

vim /var/named/xueluo.org.zone

$TTL 86400
@ IN SOA xueluo.org. root.xueluo.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns.xueluo.org.
ns IN A 192.168.1.10
www IN A 192.168.1.10
image IN A 192.168.1.10

3)启动服务并测试

chown named:named /var/named/xueluo.org.zone

/etc/init.d/named restart

2.编辑nginx配置文件

1)vim /usr/local/nginx/conf/nginx.conf

111 server {
112 listen 80;
113 server_name www.xueluo.org;
114
115 location / {
116 root /usr/local/nginx/html/www;
117 index index.html;
118 }
119 }

121 server {
122 listen 80;
123 server_name image.xueluo.org;
124
125 location / {
126 root /usr/local/nginx/html/image;
127 index index.html;
128 }
129 }

2)mkdir /usr/local/nginx/html/www && mkdir /usr/local/nginx/html/image

3)echo "www is www" >/usr/local/nginx/html/www/index.html

4)echo "image is image" >/usr/local/nginx/html/image/index.html

3.启动服务

1)nginx -t //验证配置文件是否有误

2)/etc/init.d/nginx restart

四、基于IP

1.DNS搭建

1)安装bind软件包

rm -rf /etc/yum.repos.d/*

vim /etc/yum.repos.d/local.repo

[local]
name=local
baseurl=file:///mnt
gpgcheck=0

mount /dev/cdrom /mnt

yum -y install bind bind-chroot bind-utils

2)编辑配置文件

vim /etc/named.conf

options {
listen-on port 53 { 192.168.1.10; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursion yes;

dnssec-enable no;
dnssec-validation no;

}

zone "xueluo.org" IN {
type master;
file "xueluo.org.zone";
};

cp /var/named/named.empty /var/named/xueluo.org.zone

vim /var/named/xueluo.org.zone

$TTL 86400
@ IN SOA xueluo.org. root.xueluo.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns.xueluo.org.
ns IN A 192.168.1.10
www IN A 192.168.1.10
image IN A 192.168.1.11

3)启动服务并测试

ifconfig eth0:0 192.168.1.11

chown named:named /var/named/xueluo.org.zone

/etc/init.d/named restart

nslookup www.xueluo.org && nslookup image.xueluo.org

2.编辑nginx配置文件

1)vim /usr/local/nginx/conf/nginx.conf

36 listen 81; //将默认监听端口换位81

111 server {
112 listen 192.168.1.10:80;
113 server_name www.xueluo.org;
114
115 location / {
116 root /usr/local/nginx/html/www;
117 index index.html;
118 }
119 }

121 server {
122 listen 192.168.1.20:80;
123 server_name image.xueluo.org;
124
125 location / {
126 root /usr/local/nginx/html/image;
127 index index.html;
128 }
129 }

2)mkdir /usr/local/nginx/html/www && mkdir /usr/local/nginx/html/image

3)echo "www is www" >/usr/local/nginx/html/www/index.html

4)echo "image is image" >/usr/local/nginx/html/image/index.html

3.启动服务

1)nginx -t //验证配置文件是否有误

2)/etc/init.d/nginx restart

五、基于端口

1.DNS搭建

1)安装bind软件包

rm -rf /etc/yum.repos.d/*

vim /etc/yum.repos.d/local.repo

[local]
name=local
baseurl=file:///mnt
gpgcheck=0

mount /dev/cdrom /mnt

yum -y install bind bind-chroot bind-utils

2)编辑配置文件

vim /etc/named.conf

options {
listen-on port 53 { 192.168.1.10; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursion yes;

dnssec-enable no;
dnssec-validation no;

}

zone "xueluo.org" IN {
type master;
file "xueluo.org.zone";
};

cp /var/named/named.empty /var/named/xueluo.org.zone

vim /var/named/xueluo.org.zone

$TTL 86400
@ IN SOA xueluo.org. root.xueluo.org. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns.xueluo.org.
ns IN A 192.168.1.10
www IN A 192.168.1.10
image IN A 192.168.1.11

3)启动服务并测试

ifconfig eth0:0 192.168.1.11

chown named:named /var/named/xueluo.org.zone

/etc/init.d/named restart

nslookup www.xueluo.org && nslookup image.xueluo.org

2.编辑nginx配置文件

1)vim /usr/local/nginx/conf/nginx.conf

36 listen 81; //将默认监听端口换位81

111 server {
112 listen 192.168.1.10:82;
113 server_name www.xueluo.org;
114
115 location / {
116 root /usr/local/nginx/html/www;
117 index index.html;
118 }
119 }

121 server {
122 listen 192.168.1.20:83;
123 server_name image.xueluo.org;
124
125 location / {
126 root /usr/local/nginx/html/image;
127 index index.html;
128 }
129 }

2)mkdir /usr/local/nginx/html/www && mkdir /usr/local/nginx/html/image

3)echo "www is www" >/usr/local/nginx/html/www/index.html

4)echo "image is image" >/usr/local/nginx/html/image/index.html

3.启动服务

1)nginx -t //验证配置文件是否有误

2)/etc/init.d/nginx restart

以上是关于Nginx搭建,访问控制的主要内容,如果未能解决你的问题,请参考以下文章

搭建SVN,部署社交网站

nginx功能搭建详细教程

CentOS7.4—nginx应用之统计与访问控制

vsftpd+nginx搭建图片服务器的一些问题

社交网站部署——Nginx服务器+PHP服务器搭建+MySQL主从集群

大规模日志分析平台-ELK之Kibana访问权限控制