LAMP架构(nginx安装,默认虚拟主机,用户认证,域名重定向,nginx配置文件详解)
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了LAMP架构(nginx安装,默认虚拟主机,用户认证,域名重定向,nginx配置文件详解)相关的知识,希望对你有一定的参考价值。
一、安装nginx
[[email protected] conf]# wget http://nginx.org/download/nginx-1.8.0.tar.gz
[[email protected] conf]# tar zxvf nginx-1.8.0.tar.gz
[[email protected] conf]# cd nginx-1.8.0
[[email protected] conf]# ./configure --prefix=/usr/local/nginx
[[email protected] conf]# make && make install
[[email protected] conf]# vim /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start()
{
echo -n $"Starting $prog: "
mkdir -p /dev/shm/nginx_temp
daemon $NGINX_SBIN -c $NGINX_CONF
RETVAL=$?
echo
return $RETVAL
}
stop()
{
echo -n $"Stopping $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -TERM
rm -rf /dev/shm/nginx_temp
RETVAL=$?
echo
return $RETVAL
}
reload()
{
echo -n $"Reloading $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -HUP
RETVAL=$?
echo
return $RETVAL
}
restart()
{
stop
start
}
configtest()
{
$NGINX_SBIN -c $NGINX_CONF -t
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|configtest}"
RETVAL=1
esac
exit $RETVAL
[[email protected] conf]# chmod 755 /etc/init.d/nginx
[[email protected] conf]# chkconfig --add nginx
[[email protected] conf]# chkconfig nginx on
[[email protected] conf]# mv nginx.conf nginx.conf.bak
[[email protected] conf]# vim /usr/local/nginx/conf/nginx.conf
user nobody nobody; (启动nginx的用户)
worker_processes 2; (定义子进程)
error_log /usr/local/nginx/logs/nginx_error.log crit; (错误日志)
pid /usr/local/nginx/logs/nginx.pid; (pid位置)
worker_rlimit_nofile 51200; (最多打开多少文件)
events
{
use epoll;
worker_connections 6000; (进程最多多少连接)
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
server (http服务)
{
listen 80; (监听80端口)
server_name localhost; (设置域名)
index index.html index.htm index.php; (设置主页)
root /usr/local/nginx/html; (设置访问主目录)
location ~ \.php$ (定义php解析)
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
#fastcgi_pass 127.0.0.1:9000; (和上面一行的意思相同,只是不同的写法,监听127.0.0.1:9000)
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
}
[[email protected] conf]# /usr/local/nginx/sbin/nginx -t (检查语法错误)
[[email protected] conf]# /etc/init.d/nginx start (启动nginx)
[[email protected] conf]# netstat -lntp |grep 80 (查看80端口)
[[email protected] conf]# ps aux |grep nginx (查看nginx服务,可看到2个work子进程)
二、nginx默认虚拟主机
Nginx默认主机:
[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf (删除server及下面的,在http最后添加)
include vhost/*.conf; (指定虚拟主机目录,并读取以.conf结尾的文件)
:wq退出保存
[[email protected] ~]# mkdir /usr/local/nginx/conf/vhost (创建虚拟主机目录)
[[email protected] ~]# vim aaa.com.conf (创建虚拟主机配置文件并添加以下内容:)
server
{
listen 80 default_server; (红色的字表示设置这个虚拟主机为默认虚拟主机)
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
}
[[email protected] vhost]# mkdir -p /data/wwwroot/default/ (创建虚拟主机的访问目录)
[[email protected] vhost]# echo "This is a default site." >/data/wwwroot/default/index.html (编写虚拟主机主页)
[[email protected] vhost]# /usr/local/nginx/sbin/nginx -t (检查配置文件语法错误)
[[email protected] vhost]# /usr/local/nginx/sbin/nginx -s reload (重新加载配置文件)
[[email protected] vhost]# curl localhost (curl本机,发现到达nginx的虚拟主机主页)
This is a default site.
!!:还有一个需要注意的是,如果不加红色字体的字段,再找server时会根据文件名排序,比如:aaa.com.cnf和bbb.com.cnf,aaa肯定是在前,所以aaa.com.cnf是默认虚拟主机
三、Nginx用户认证
nginx用户认证
用到了之前httpd的htpasswd功能。
[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf (创建一个虚拟主机)
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
location /
{
auth_basic "Auth"; (定义用户认证的名字)
auth_basic_user_file /usr/local/nginx/conf/htpasswd (定义用户名密码文件)
}
}
因为要使用到httpd的htpasswd功能,则需要安装httpd,可以直接yum安装,直接敲htpasswd命令,
[[email protected] ~]# htpasswd -c /usr/local/nginx/conf/htpasswd lty (c是生成用户文件,若要添加则不需要,否则会覆盖原文件)
New password:
Re-type new password:
Adding password for user lty
检查语法错误,并且重新加载配置文件:(如果配置文件出现错误,reload不会使错误的配置文件生效)
[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload
检测:
[[email protected] ~]# curl -x127.0.0.1:80 test.com -I (不加用户发现401,需要用户认证)
HTTP/1.1 401 Unauthorized
Server: nginx/1.8.0
Date: Thu, 14 Dec 2017 04:15:02 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
[[email protected] ~]# curl -ulty:westos -x127.0.0.1:80 test.com (-u指定用户和密码后,返回值)
test.com
1.需求;访问一个目录或者文件时,才需要用户认证。
实现:
[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
location /admin (用户认证时加上admin目录)
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
检测语法错误并且重新加载配置文件:
[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload
检测:
[[email protected] ~]# curl -x127.0.0.1:80 test.com (访问test.com时不需要密码也可以返回值)
test.com
[[email protected] ~]# curl -x127.0.0.1:80 test.com/admin (访问test.com下的admin时,401需要用户认证)
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
需求,访问test.com下的1.php需要用户认证,
[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
location /admin/1.php (这里修改匹配到1.php)
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
检测语法错误并且重新加载配置文件:
[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload
检测:
[[email protected] ~]# curl -x127.0.0.1:80 test.com/admin/1.php (不加用户密码访问发现401)
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
[[email protected] ~]# curl -ulty:westos -x127.0.0.1:80 test.com/admin/1.php (加用户密码访问则正常返回)
touch file.php
四、nginx域名重定向
httpd配置文件里server_name后面不支持写多个域名,就算写了多个,也默认识别第一个
nginx的配置文件server_name后面则支持写多个域名,
[[email protected] ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com; (server_name后跟多个域名)
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if ($host != 'test.com' ) { (如果域名不是test.com)
rewrite ^/(.*)$ http://test.com/$1 permanent; (rewrite到test.com,permanent301报错 redirect302报错)
检查语法错误并且重新加载配置文件:
[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] ~]# /usr/local/nginx/sbin/nginx -s reload
检测:
[[email protected] ~]# curl -x127.0.0.1:80 test1.com/admin/1.php -I (访问test1时,提示301,跳转到test.comx下)
HTTP/1.1 301 Moved Permanently
Server: nginx/1.8.0
Date: Thu, 14 Dec 2017 05:03:32 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: http://test.com/admin/1.php
[[email protected] ~]# curl -x127.0.0.1:80 test2.com/admin/1.php -I (访问test2时,提示301,跳转到test.comx下)
HTTP/1.1 301 Moved Permanently
Server: nginx/1.8.0
Date: Thu, 14 Dec 2017 05:03:38 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: http://test.com/admin/1.php
五、Nginx配置文件详解
https://my.oschina.net/duxuefeng/blog/34880
以上是关于LAMP架构(nginx安装,默认虚拟主机,用户认证,域名重定向,nginx配置文件详解)的主要内容,如果未能解决你的问题,请参考以下文章
lamp架构nginx常见配置:虚拟主机ssl权重backup相关算法添加
lamp架构nginx常见配置:虚拟主机ssl权重backup相关算法添加