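Configuring virtual hosts in nginx
Nginx is a lightweight web server / reverse proxy server and e-mail (IMAP/POP3) proxy server,
released under a BSD-like license. It is known for a small memory footprint and strong concurrency;
in practice nginx's concurrency does compare well among web servers of its type.
Sites in mainland China that use nginx include Baidu, JD.com, Sina, NetEase, Tencent and Taobao.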
cd /usr/local/lnmp/nginx/conf/
vim nginx.conf ### edit the configuration file and add two virtual hosts
    server {
        listen 80;
        server_name www.westos.org;
        location / {
            root /www1;
            index index.html;
        }
    }
    server {
        listen 80;
        server_name www.linux.org;
        location / {
            root /www2;
            index index.html;
        }
    }
nginx -s reload ### reload the configuration
mkdir /www1 ### create a document root
mkdir /www2
cd /www1/
vim index.html ### write its default page
Content: www.westos.org
cd /www2/
vim index.html
Content: www.linux.org
On the physical host: vim /etc/hosts
Add: 172.25.3.5 www.westos.org www.linux.org ### name resolution
Open www.westos.org and www.linux.org in a browser.
Enabling encryption on port 443
cd /usr/local/lnmp/nginx/conf
vim nginx.conf
    server {
        listen 443 ssl;
        server_name www.westos.org;

        ### cert.pem as produced by "make cert.pem" holds both the private key and the self-signed certificate
        ssl_certificate cert.pem;
        ssl_certificate_key cert.pem;

        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;

        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            root /www1;
            index index.html index.htm;
        }
    }
cd /etc/pki/tls/certs/
make cert.pem ### generate the certificate
ll cert.pem ### check that the certificate file was created
cp cert.pem /usr/local/lnmp/nginx/conf/ ### copy the certificate file into the nginx configuration directory
nginx -t ### check the syntax
nginx -s reload ### reload the configuration
Enter https://www.westos.org in the browser; a padlock appears in front of the address.
nginx redirects
(1) Requests for westos.org or www.westos.org are redirected to https://www.westos.org
vim nginx.conf
    server {
        listen 80;
        server_name www.westos.org westos.org;
        ### rewrite performs the redirect; permanent makes it a permanent (301) redirect
        rewrite ^(.*)$ https://www.westos.org permanent;
        # location / {
        #     root /www1;
        #     index index.html;
        # }
    }
Test result:
[root@foundation3 Desktop]# curl -I www.westos.org
HTTP/1.1 301 Moved Permanently
Server: nginx/
Date: Tue, 07 Aug 2018 08:54:19 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
Location: https://www.westos.org
[root@foundation3 Desktop]# curl -I westos.org
HTTP/1.1 301 Moved Permanently
Server: wts/1.2
Date: Tue, 07 Aug 2018 08:54:45 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Location: https://www.westos.org/
(2) A request for a URL under www.westos.org is redirected to the same URL over HTTPS
    server {
        listen 80;
        server_name www.westos.org westos.org;
        rewrite ^(.*)$ https://www.westos.org$1 permanent;
        # location / {
        #     root /www1;
        #     index index.html;
        # }
    }
Result:
[root@foundation3 Desktop]# curl -I www.westos.org/index.html
HTTP/1.1 301 Moved Permanently
Server: nginx/
Date: Tue, 07 Aug 2018 09:00:34 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
Location: https://www.westos.org/index.html
(3) A request for www.westos.org/bbs is redirected to http://bbs.westos.org
Note: don't forget to add bbs.westos.org to the name resolution (/etc/hosts)
vim nginx.conf
    server {
        listen 80;
        server_name www.westos.org westos.org;
        #rewrite ^(.*)$ https://www.westos.org$1 permanent;
        rewrite ^/bbs$ http://bbs.westos.org permanent;
        # location / {
        #     root /www1;
        #     index index.html;
        # }
    }
Result:
[root@foundation3 Desktop]# curl -I www.westos.org/bbs
HTTP/1.1 301 Moved Permanently
Server: nginx/
Date: Tue, 07 Aug 2018 09:08:59 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
Location: http://bbs.westos.org
(4) When www.westos.org/bbs is followed by a further path, redirect to that path on bbs.westos.org, for example http://bbs.westos.org/index.html
    server {
        listen 80;
        server_name www.westos.org westos.org;
        #rewrite ^(.*)$ https://www.westos.org$1 permanent;
        rewrite ^/bbs$ http://bbs.westos.org permanent;
        rewrite ^/bbs/(.*)$ http://bbs.westos.org/$1 permanent;
        # location / {
        #     root /www1;
        #     index index.html;
        # }
    }
Result:
[root@foundation3 Desktop]# curl -I www.westos.org/bbs/index.html
HTTP/1.1 301 Moved Permanently
Server: nginx/
Date: Tue, 07 Aug 2018 09:18:36 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
Location: http://bbs.westos.org/index.html
(5) Redirecting in the reverse direction with nginx
vim nginx.conf
**nginx supports regular expressions**
    server {
        listen 80;
        server_name www.westos.org westos.org bbs.westos.org;
        #rewrite ^(.*)$ https://www.westos.org$1 permanent;
        #rewrite ^/bbs$ http://bbs.westos.org permanent;
        #rewrite ^/bbs/(.*)$ http://bbs.westos.org/$1 permanent;
        if ($host = "bbs.westos.org") {
            rewrite ^/(.*) http://www.westos.org/bbs/$1 permanent;
        }

        location / {
            root /www1;
            index index.html;
        }
    }
    #server {
    #    listen 80;
    #    server_name bbs.westos.org;
    #    rewrite ^/(.*)$ http://www.westos.org/bbs/$1 permanent;
    #    location / {
    #        root /www2;
    #        index index.html;
    #    }
    #}
### Create a default page under a bbs directory for testing
cd /www1
mkdir bbs
cd bbs
vim index.html
Content: www.westos.org--bbs
Result of testing in the shell:
[root@foundation3 Desktop]# curl -I bbs.westos.org
HTTP/1.1 301 Moved Permanently
Server: nginx/
Date: Tue, 07 Aug 2018 09:35:03 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
Location: http://www.westos.org/bbs/
Test in a browser:
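nginx limit parameters
Placed one level above the server block:
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    ### defines the shared zone used for connection limiting
    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
    ### defines the request-limiting zone, at a rate of one request per second
Placed inside the server block:
    server {
        listen 80;
        server_name localhost;

        #charset koi8-r;

        #access_log logs/host.access.log main;

        location / {
            root html;
            index index.html index.htm;
        }
        location /download/ {
            limit_conn addr 1; ### limit concurrent connections per client address
            limit_req zone=one burst=5; ### limit the request rate (zone one, up to 5 requests queued)
            limit_rate 50k; ### limit bandwidth
        }
    }
Load test from the physical host:
ab -c1 -n 10 http://172.25.3.5/download/vim.jpg ### with a concurrency of 1, all requests succeed
Then check the log.
ab -c10 -n 10 http://172.25.3.5/download/vim.jpg ### with a concurrency of 10
Result: only one request got through; all the others failed with a 503 error.
Checking the bandwidth limit (on the physical host):
time wget http://172.25.3.5/download/mysql-boost-5.7.17.tar.gz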
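How limit_req with rate=1r/s and burst=5 treats a run of requests from one address, as an added example that is not part of the original post. It is a simplified model of the leaky-bucket accounting, not nginx source code; it covers limit_req only (not limit_conn or limit_rate, which the same location also applies), and the function names and arrival times are constructed.

```python
# Added illustration: simplified model of limit_req accounting for one client key.
# zone "one" (rate=1r/s) and burst=5 are the values used on this page.

def simulate_limit_req(arrivals_ms, rate_per_s=1, burst=5):
    """Return one (arrival_ms, verdict, delay_ms) tuple per request.

    verdict is "pass", "delayed" or "503". Time is in milliseconds and the
    bucket level ("excess") is kept in thousandths of a request.
    """
    rate = rate_per_s * 1000
    max_excess = burst * 1000
    excess = 0
    last = None
    results = []
    for now in arrivals_ms:
        if last is None:
            level = 0                         # first request from this client
        else:
            drained = rate * max(now - last, 0) // 1000
            level = max(excess - drained + 1000, 0)
        if level > max_excess:
            results.append((now, "503", 0))   # over burst: rejected, bucket unchanged
            continue
        excess, last = level, now
        delay = level * 1000 // rate          # no "nodelay": the surplus is queued
        results.append((now, "delayed" if delay else "pass", delay))
    return results


def summarize(results):
    """Count verdicts in a result list."""
    counts = {"pass": 0, "delayed": 0, "503": 0}
    for _, verdict, _ in results:
        counts[verdict] += 1
    return counts


if __name__ == "__main__":
    # Constructed input: 10 requests arriving in the same millisecond.
    for row in simulate_limit_req([0] * 10):
        print(row)
    # Constructed input: 10 requests spaced one second apart.
    print(summarize(simulate_limit_req(range(0, 10_000, 1000))))
```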
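Setting allow and deny lists for client access
vim nginx.conf
    location /download/ {
        limit_conn addr 1;
        limit_req zone=one burst=5;
        limit_rate 50k;
    }
    location /admin/ {
        allow ALLOWED_IP; ### allow access from this IP (placeholder: the address is not shown on this page); a subnet can also be given
        deny all; ### deny access from all other IPs
        ### these two statements are evaluated in order
    }
Test on the physical host: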
[root@foundation3 Desktop]# curl http://172.25.3.5/admin/index.html
admin page!!
With the physical host's IP on the deny list:
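Why the order of the allow and deny lines matters, as an added example that is not part of the original post: rules are checked top to bottom and the first match decides. The addresses are constructed documentation ranges, not the page's own, and the function names are hypothetical.

```python
import ipaddress


def access_decision(client_ip, rules):
    """Evaluate allow/deny rules in order; return (action, matched_rule)."""
    ip = ipaddress.ip_address(client_ip)
    for action, target in rules:
        if target == "all":
            return action, (action, target)
        # strict=False accepts a host address written with a prefix length
        if ip in ipaddress.ip_network(target, strict=False):
            return action, (action, target)
    return "allow", None    # no rule matched: access is not restricted


# Constructed rules; 192.0.2.0/24 is a documentation range.
ALLOW_THEN_DENY = [("allow", "192.0.2.0/24"), ("deny", "all")]
DENY_THEN_ALLOW = [("deny", "all"), ("allow", "192.0.2.0/24")]


def status_for(client_ip, rules):
    """HTTP status a client would see for /admin/ under the given rules."""
    action, _ = access_decision(client_ip, rules)
    return 200 if action == "allow" else 403


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "2001:db8::1"):
        print(ip, status_for(ip, ALLOW_THEN_DENY), status_for(ip, DENY_THEN_ALLOW))
```

With deny all written first, the allow line is never reached and every client, including the intended administrator address, receives 403.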
Setting the cache lifetime for images
vim nginx.conf
    location ~ .*\.(gif|jpg|png)$ {
        expires 30d;
    }
Put an image, vim.jpg, in nginx's default document root.
[root@foundation3 Desktop]# curl http://172.25.3.5/vim.jpg -I
HTTP/1.1 200 OK
Server: nginx/
Date: Wed, 08 Aug 2018 03:44:03 GMT
Content-Type: image/jpeg
Content-Length: 453575
Last-Modified: Wed, 08 Aug 2018 03:43:26 GMT
Connection: keep-alive
ETag: "5b6a66de-6ebc7"
Expires: Fri, 07 Sep 2018 03:44:03 GMT ### exactly 30 days later, in September
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Preventing malicious domain resolution (unknown domains pointed at this server's IP)
(1) Return a 500 error directly
    server {
        listen 80;
        server_name _;
        return 500;
    }
Test in a browser: 172.25.3.5
(2) Or redirect such requests to the public page
    server {
        listen 80;
        server_name _;
        #return 500;
        rewrite ^(.*) http://www.westos.org permanent;
    }
Test in a browser: 172.25.3.5
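### Adding support for Chinese text in the configuration file
Environment: because the IP redirect was set up earlier, test with the virtual host defined before and simply visit it by domain name;
the default document root is the /www1 used earlier.
By default nginx does not serve Chinese text correctly.
    server {
        listen 80;
        server_name www.westos.org westos.org bbs.westos.org;
        charset utf-8; ### recognize Chinese text
        ### rest of the server block as before
    }
Before this directive is added, Chinese text is not displayed correctly; the result is as follows:
Test: open www.westos.org in a browser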
Turn off access logging for these cached images, and back up the access log once a day
vim nginx.conf
    location ~ .*\.(gif|jpg|png)$ {
        expires 30d;
        access_log off; ### add this line
    }
[root@server5 logs]# cd /opt/
[root@server5 opt]# ls
[root@server5 opt]# vim nginx_log.sh ### write a backup script
#!/bin/bash
# Rename the current access log with yesterday's date, then reload nginx so it opens a new access.log
cd /usr/local/lnmp/nginx/logs && mv access.log access.log_$(date +%F -d -1day)
/usr/local/lnmp/nginx/sbin/nginx -s reload
[root@server5 opt]# crontab -e ### create a scheduled job
Add: 00 00 * * * /opt/nginx_log.sh ### back up once a day at midnight
[root@server5 opt]# chmod +x /opt/nginx_log.sh ### make the script executable
[root@server5 opt]# /opt/nginx_log.sh ### run the script
Hotlink protection for web pages
First, on a virtual machine, server1, set up a page that hotlinks content from this host, server5:
yum install httpd -y
cd /var/www/html
vim index.html
<html>
<body>
<img src="http://www.westos.org/images/iso7.gif"> <!-- the image being hotlinked -->
</body>
</html>
On server5:
cd /www1
mkdir images
mv iso7.gif images
Test in a browser:
On server5 itself, edit the nginx configuration file to set up hotlink protection:
    location / {
        root /www1;
        index index.html;
    }
    location ~\.(gif|jpg|png)$ {
        root /www1;
        valid_referers none blocked www.westos.org;
        if ($invalid_referer) {
            return 403;
        }
    }
Access the page again: the hotlinked image fails to display.
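Which Referer headers the line valid_referers none blocked www.westos.org accepts, as an added example that is not part of the original post. It models only the none, blocked, exact-name and *.wildcard forms; the function names and sample Referer values are constructed.

```python
from urllib.parse import urlsplit


def invalid_referer(referer, server_names, none=True, blocked=True):
    """Return True when the request would reach `return 403`."""
    if referer is None:                       # no Referer header at all
        return not none
    value = referer.lower()
    if not value.startswith(("http://", "https://")):
        return not blocked                    # header scrubbed by a proxy or firewall
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:                        # malformed URL: treat as not listed
        return True
    for name in server_names:
        name = name.lower()
        if name.startswith("*."):
            if host.endswith(name[1:]):
                return False
        elif host == name:
            return False
    return True


# Constructed Referer values (None means the header is absent).
SAMPLES = [
    "http://www.westos.org/index.html",        # the site's own page
    "http://server1.example.com/index.html",   # a page embedding the image
    "http://www.westos.org.example.net/",      # name only starts with the allowed host
    "XXXXXXXXXXXX",                            # value replaced by a middlebox
    None,                                      # direct request, no Referer
]


def evaluate(samples, server_names):
    """Map each sample Referer to the status the image location would return."""
    return [(r, 403 if invalid_referer(r, server_names) else 200) for r in samples]


if __name__ == "__main__":
    for referer, status in evaluate(SAMPLES, ["www.westos.org"]):
        print(status, referer)
```

Because none is listed, a request that sends no Referer still receives the image, so this setting stops other pages from embedding the file rather than acting as access control.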
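The request can also be redirected to another file, which protects against hotlinking in the same way.
The nginx configuration is as follows: compared with the one above, just add one redirect.
Test again: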