LAMP架构(nginx安装,默认虚拟主机,用户认证,域名重定向,nginx配置文件详解)

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了LAMP架构(nginx安装,默认虚拟主机,用户认证,域名重定向,nginx配置文件详解)相关的知识,希望对你有一定的参考价值。

一、安装nginx

[[email protected] conf]# wget http://nginx.org/download/nginx-1.8.0.tar.gz

[[email protected] conf]# tar zxvf nginx-1.8.0.tar.gz

[[email protected] conf]# cd nginx-1.8.0

[[email protected] conf]# ./configure --prefix=/usr/local/nginx

[[email protected] conf]# make && make install

[[email protected] conf]# vim /etc/init.d/nginx

#!/bin/bash

# chkconfig: - 30 21

# description: http service.

# Source Function Library

. /etc/init.d/functions

# Nginx Settings

NGINX_SBIN="/usr/local/nginx/sbin/nginx"

NGINX_CONF="/usr/local/nginx/conf/nginx.conf"

NGINX_PID="/usr/local/nginx/logs/nginx.pid"

RETVAL=0

prog="Nginx"

start() 

{

    echo -n $"Starting $prog: "

    mkdir -p /dev/shm/nginx_temp

    daemon $NGINX_SBIN -c $NGINX_CONF

    RETVAL=$?

    echo

    return $RETVAL

}

stop() 

{

    echo -n $"Stopping $prog: "

    killproc -p $NGINX_PID $NGINX_SBIN -TERM

    rm -rf /dev/shm/nginx_temp

    RETVAL=$?

    echo

    return $RETVAL

}

reload()

{

    echo -n $"Reloading $prog: "

    killproc -p $NGINX_PID $NGINX_SBIN -HUP

    RETVAL=$?

    echo

    return $RETVAL

}

restart()

{

    stop

    start

}

configtest()

{

    $NGINX_SBIN -c $NGINX_CONF -t

    return 0

}

case "$1" in

  start)

        start

        ;;

  stop)

        stop

        ;;

  reload)

        reload

        ;;

  restart)

        restart

        ;;

  configtest)

        configtest

        ;;

  *)

        echo $"Usage: $0 {start|stop|reload|restart|configtest}"

        RETVAL=1

esac

exit $RETVAL


[[email protected] conf]# chmod 755 /etc/init.d/nginx

[[email protected] conf]# chkconfig --add nginx

[[email protected] conf]# chkconfig nginx on

[[email protected] conf]# mv nginx.conf      nginx.conf.bak

[[email protected] conf]# vim /usr/local/nginx/conf/nginx.conf


user nobody nobody;                                  (启动nginx的用户)

worker_processes 2;                                (定义子进程)

error_log /usr/local/nginx/logs/nginx_error.log crit;               (错误日志)

pid /usr/local/nginx/logs/nginx.pid;                       (pid位置)

worker_rlimit_nofile 51200;                               (最多打开多少文件)

events

{

    use epoll;

    worker_connections 6000;                               (进程最多多少连接)

http

{

    include mime.types;

    default_type application/octet-stream;

    server_names_hash_bucket_size 3526;

    server_names_hash_max_size 4096;

    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'

    ' $host "$request_uri" $status'

    ' "$http_referer" "$http_user_agent"';

    sendfile on;

    tcp_nopush on;

    keepalive_timeout 30;

    client_header_timeout 3m;

    client_body_timeout 3m;

    send_timeout 3m;

    connection_pool_size 256;

    client_header_buffer_size 1k;

    large_client_header_buffers 8 4k;

    request_pool_size 4k;

    output_buffers 4 32k;

    postpone_output 1460;

    client_max_body_size 10m;

    client_body_buffer_size 256k;

    client_body_temp_path /usr/local/nginx/client_body_temp;

    proxy_temp_path /usr/local/nginx/proxy_temp;

    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;

    fastcgi_intercept_errors on;

    tcp_nodelay on;

    gzip on;

    gzip_min_length 1k;

    gzip_buffers 4 8k;

    gzip_comp_level 5;

    gzip_http_version 1.1;

    gzip_types text/plain application/x-javascript text/css text/htm 

    application/xml;

    server                                  (http服务)

    {

        listen 80;                                 (监听80端口)

        server_name localhost;                          (设置域名)

        index index.html index.htm index.php;                (设置主页)

        root /usr/local/nginx/html;                       (设置访问主目录)

        location ~ \.php$                               (定义php解析)

        {

            include fastcgi_params;

            fastcgi_pass unix:/tmp/php-fcgi.sock;

           #fastcgi_pass 127.0.0.1:9000;   (和上面一行的意思相同,只是不同的写法,监听127.0.0.1:9000)

            fastcgi_index index.php;

            fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;

        }    

    }

}


[[email protected] conf]# /usr/local/nginx/sbin/nginx -t           (检查语法错误)

[[email protected] conf]# /etc/init.d/nginx start               (启动nginx)

[[email protected] conf]# netstat -lntp |grep 80                (查看80端口)

[[email protected] conf]# ps aux |grep nginx                   (查看nginx服务,可看到2个work子进程)


二、nginx默认虚拟主机

Nginx默认主机:

[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf  (删除server及下面的,在http最后添加)

include vhost/*.conf;                    (指定虚拟主机目录,并读取以.conf结尾的文件)

:wq退出保存

[[email protected] ~]# mkdir /usr/local/nginx/conf/vhost    (创建虚拟主机目录)

[[email protected] ~]# vim aaa.com.conf                (创建虚拟主机配置文件并添加以下内容:)

server

{

    listen 80 default_server;                 (红色的字表示设置这个虚拟主机为默认虚拟主机)

    server_name aaa.com; 

    index index.html index.htm index.php;

    root /data/wwwroot/default;

}

[[email protected] vhost]# mkdir -p /data/wwwroot/default/     (创建虚拟主机的访问目录)

[[email protected] vhost]# echo "This is a default site." >/data/wwwroot/default/index.html      (编写虚拟主机主页)

[[email protected] vhost]# /usr/local/nginx/sbin/nginx -t          (检查配置文件语法错误)

[[email protected] vhost]# /usr/local/nginx/sbin/nginx -s reload        (重新加载配置文件)

[[email protected] vhost]# curl localhost                       (curl本机,发现到达nginx的虚拟主机主页)

This is a default site.

 

!!:还有一个需要注意的是,如果不加红色字体的字段,再找server时会根据文件名排序,比如:aaa.com.cnf和bbb.com.cnf,aaa肯定是在前,所以aaa.com.cnf是默认虚拟主机


三、Nginx用户认证

nginx用户认证

用到了之前httpd的htpasswd功能。

[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf             (创建一个虚拟主机)


server

{

    listen 80;

    server_name test.com;

    index index.html index.htm index.php;

    root /data/wwwroot/test.com;

    

location  /

    {

        auth_basic              "Auth";                   (定义用户认证的名字)

        auth_basic_user_file   /usr/local/nginx/conf/htpasswd         (定义用户名密码文件)

}

}

因为要使用到httpd的htpasswd功能,则需要安装httpd,可以直接yum安装,直接敲htpasswd命令,

[[email protected] ~]# htpasswd -c /usr/local/nginx/conf/htpasswd lty (c是生成用户文件,若要添加则不需要,否则会覆盖原文件)

New password: 

Re-type new password: 

Adding password for user lty


检查语法错误,并且重新加载配置文件:(如果配置文件出现错误,reload不会使错误的配置文件生效)

[[email protected] ~]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload


检测:

[[email protected] ~]# curl -x127.0.0.1:80 test.com -I                   (不加用户发现401,需要用户认证)

HTTP/1.1 401 Unauthorized

Server: nginx/1.8.0

Date: Thu, 14 Dec 2017 04:15:02 GMT

Content-Type: text/html

Content-Length: 194

Connection: keep-alive

WWW-Authenticate: Basic realm="Auth"


[[email protected] ~]# curl -ulty:westos -x127.0.0.1:80 test.com          (-u指定用户和密码后,返回值)

test.com



1.需求;访问一个目录或者文件时,才需要用户认证。

实现:

[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf

server

{

    listen 80;

    server_name test.com;

    index index.html index.htm index.php;

    root /data/wwwroot/test.com;


location  /admin                                  (用户认证时加上admin目录)

    {

        auth_basic              "Auth";

        auth_basic_user_file   /usr/local/nginx/conf/htpasswd;

}

}

检测语法错误并且重新加载配置文件:

[[email protected] ~]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload


检测:

[[email protected] ~]# curl -x127.0.0.1:80 test.com          (访问test.com时不需要密码也可以返回值)

test.com


[[email protected] ~]# curl -x127.0.0.1:80 test.com/admin         (访问test.com下的admin时,401需要用户认证)

<html>

<head><title>401 Authorization Required</title></head>

<body bgcolor="white">

<center><h1>401 Authorization Required</h1></center>

<hr><center>nginx/1.8.0</center>

</body>

</html>



需求,访问test.com下的1.php需要用户认证,

[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf


server

{

    listen 80;

    server_name test.com;

    index index.html index.htm index.php;

    root /data/wwwroot/test.com;


location  /admin/1.php                 (这里修改匹配到1.php)

    {

        auth_basic              "Auth";

        auth_basic_user_file   /usr/local/nginx/conf/htpasswd;


检测语法错误并且重新加载配置文件:

[[email protected] ~]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload


检测:

[[email protected] ~]# curl -x127.0.0.1:80 test.com/admin/1.php           (不加用户密码访问发现401)

<html>

<head><title>401 Authorization Required</title></head>

<body bgcolor="white">

<center><h1>401 Authorization Required</h1></center>

<hr><center>nginx/1.8.0</center>

</body>

</html>

[[email protected] ~]# curl -ulty:westos -x127.0.0.1:80 test.com/admin/1.php  (加用户密码访问则正常返回)

touch file.php


四、nginx域名重定向

httpd配置文件里server_name后面不支持写多个域名,就算写了多个,也默认识别第一个

nginx的配置文件server_name后面则支持写多个域名,

[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf


server

{

    listen 80;

    server_name test.com test1.com test2.com;                   (server_name后跟多个域名)

    index index.html index.htm index.php;

    root /data/wwwroot/test.com;

    if ($host != 'test.com' ) {                          (如果域名不是test.com)

      rewrite  ^/(.*)$  http://test.com/$1  permanent; (rewrite到test.com,permanent301报错  redirect302报错)


检查语法错误并且重新加载配置文件:

[[email protected] ~]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload


检测:

[[email protected] ~]# curl -x127.0.0.1:80 test1.com/admin/1.php -I           (访问test1时,提示301,跳转到test.comx下)

HTTP/1.1 301 Moved Permanently

Server: nginx/1.8.0

Date: Thu, 14 Dec 2017 05:03:32 GMT

Content-Type: text/html

Content-Length: 184

Connection: keep-alive

Location: http://test.com/admin/1.php


[[email protected] ~]# curl -x127.0.0.1:80 test2.com/admin/1.php -I          (访问test2时,提示301,跳转到test.comx下)

HTTP/1.1 301 Moved Permanently

Server: nginx/1.8.0

Date: Thu, 14 Dec 2017 05:03:38 GMT

Content-Type: text/html

Content-Length: 184

Connection: keep-alive

Location: http://test.com/admin/1.php


五、Nginx配置文件详解

http://www.ha97.com/5194.html

https://my.oschina.net/duxuefeng/blog/34880




以上是关于LAMP架构(nginx安装,默认虚拟主机,用户认证,域名重定向,nginx配置文件详解)的主要内容,如果未能解决你的问题,请参考以下文章

基于LAMP架构实现web网站高可用集群

lamp架构nginx常见配置:虚拟主机ssl权重backup相关算法添加

lamp架构nginx常见配置:虚拟主机ssl权重backup相关算法添加

lamp架构nginx常见配置:虚拟主机ssl权重backup相关算法添加

nginx权限

shell脚本安装LAMP架构(一键执行)