2018-09-20

其他 2018-09-22 10:47:27 阅读次数: 0
12.7 默认虚拟主机
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf //增加
include vhost/*.conf;
[root@localhost ~]# mkdir /usr/local/nginx/conf/vhost
[root@localhost ~]# cd !$ ; vim default.conf //加入如下内容
server
{
    listen 80 default_server;  // 有这个标记的就是默认虚拟主机
    server_name aaa.com;
    index index.html index.htm index.php;
    root /data/wwwroot/default;
}
[root@localhost ~]# mkdir -p /data/wwwroot/default/
[root@localhost ~]# echo “This is a default site.” > /data/wwwroot/default/index.html
[root@localhost ~]# chcon -R -t httpd_sys_content_t /data/wwwroot/
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --permanent --add-service=https
success
[root@localhost ~]# firewall-cmd --reload 
success
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t //测试配置文件有无错误
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload //重新加载配置文件
12.8 Nginx用户认证
[root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    
location  /
    {
        auth_basic              "Auth";
        auth_basic_user_file   /usr/local/nginx/conf/htpasswd;
}
}
[root@localhost ~]# mkdir /data/wwwroot/test.com
[root@localhost ~]# yum install -y httpd
[root@localhost ~]# htpasswd -c /usr/local/nginx/conf/htpasswd aming
New password: 
Re-type new password: 
Adding password for user aming
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# curl -x127.0.0.1:80 test.com -I
HTTP/1.1 401 Unauthorized
Server: nginx/1.15.3
Date: Thu, 20 Sep 2018 07:26:53 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"

[root@localhost ~]# curl -uaming:aming -x127.0.0.1:80 test.com -I
HTTP/1.1 200 OK
Server: nginx/1.15.3
Date: Thu, 20 Sep 2018 07:27:15 GMT
Content-Type: text/html
Content-Length: 5
Last-Modified: Thu, 20 Sep 2018 07:26:17 GMT
Connection: keep-alive
ETag: "5ba34b99-5"
Accept-Ranges: bytes
12.9 Nginx域名重定向
[root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    if ($host != 'test.com' ) {
        rewrite  ^/(.*)$  http://test.com/$1  permanent;  //permanent为永久重定向,状态码为301,如果写redirect则为302
    }
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost default]# curl -x127.0.0.1:80 test2.com -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.15.3
Date: Thu, 20 Sep 2018 08:20:36 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://test.com/
12.10 Nginx访问日志
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
...
    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
    ' $host "$request_uri" $status'
    ' "$http_referer" "$http_user_agent"';
...
[root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    if ($host != 'test.com' ) {
        rewrite  ^/(.*)$  http://test.com/$1  permanent;
    }
    access_log /tmp/test.com.log combined_realip;  //日志格式名称与nginx.conf相对应
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# cat /tmp/test.com.log 
127.0.0.1 - [20/Sep/2018:16:33:55 +0800] test2.com "/" 301 "-" "curl/7.29.0"
127.0.0.1 - [20/Sep/2018:16:35:05 +0800] test2.com "/" 301 "-" "curl/7.29.0"
127.0.0.1 - [20/Sep/2018:16:38:29 +0800] test.com "/" 200 "-" "curl/7.29.0"
12.11 Nginx日志切割
[root@localhost ~]# vim /usr/local/sbin/nginx_log_rotate.sh//写入如下内容
#! /bin/bash
## 假设nginx的日志存放路径为/data/logs/
d=`date -d "-1 day" +%Y%m%d` 
logdir="/data/logs"
nginx_pid="/usr/local/nginx/logs/nginx.pid"
cd $logdir
for log in `ls *.log`
do
    mv $log $log-$d
done
/bin/kill -HUP `cat $nginx_pid`
[root@localhost ~]# crontab -e -u root
0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh
12.12 静态文件不记录日志和过期时间
[root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    if ($host != 'test.com' ) {
        rewrite  ^/(.*)$  http://test.com/$1  permanent;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
          expires      7d;
          access_log off;
    }
    location ~ .*\.(js|css)$
    {
          expires      12h;
          access_log off;
    }
    access_log /tmp/test.com.log combined_realip;  //日志格式名称与nginx.conf相对应
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
12.13 Nginx防盗链
[root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
    root /data/wwwroot/test.com;
    if ($host != 'test.com' ) {
        rewrite  ^/(.*)$  http://test.com/$1  permanent;
    }
    location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
    {
    expires 7d;
    valid_referers none blocked server_names  *.test.com ;
    if ($invalid_referer) {
        return 403;
    }
    access_log off;
    }
    location ~ .*\.(js|css)$
    {
          expires      12h;
          access_log off;
    }
    access_log /tmp/test.com.log combined_realip;  //日志格式名称与nginx.conf相对应
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
12.14 Nginx访问控制
[root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
...
location /admin/  //某一目录限制
{
    allow 192.168.31.1;
    allow 127.0.0.1;
    deny all;
}

location ~ .*(upload|image)/.*\.php$  //正则匹配限制
{
        deny all;
}

if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')  //根据user_agent限制
{
      return 403;  //deny all和return 403效果一样
}
...
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
12.15 Nginx解析php相关配置
[root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf
...
location ~ \.php$
    {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_dir$fastcgi_script_name;
    }
...
12.16 Nginx代理
[root@localhost ~]# vim /usr/local/nginx/conf/vhost/proxy.conf
server
{
    listen 80;
    server_name ask.apelearn.com;

    location /
    {
        proxy_pass      http://121.201.9.155/;    //需要连接服务器IP
        proxy_set_header Host   $host;
        proxy_set_header X-Real-IP      $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

扩展
nginx.conf 配置详解
https://coding.net/u/aminglinux/p/nginx/git/tree/master/3z
nginx rewrite四种flag
http://unixman.blog.51cto.com/10163040/1711943
https://coding.net/u/aminglinux/p/nginx/git/blob/master/rewrite/break.md
502问题汇总 http://ask.apelearn.com/question/9109
location优先级 https://coding.net/u/aminglinux/p/nginx/git/blob/master/location/priority.md

猜你喜欢

转载自www.cnblogs.com/2KP2/p/9689537.html
今日推荐
LFOSSA 源来如此公开课 | 掌握云原生未来:CNCF 认证全面攻略与备考秘籍
国产云输入法——仅华为无云端数据上传安全问题
开源日报 | 工业开源项目OGG 1.0;姐姐,你要和我一起配置火狐吗;苹果AI遥遥落后?Fedora 40
开放签电子签章:停止新增,优化体验,前进更进(五一假期前工作)
开源日报 | 中学生开源前端动画引擎;全球首个Llama3 8B中文版开源模型;联想电脑恐出局;Linus讽刺AI炒作
“百模大战”必有一战 | 2024中国“百模大战”竞争格局分析
周排行
Family Tree 题解
BZOJ 1093 最大半连通子图 SCC + DP
幂等处理
Spring----学习(2)----XML 配置Bean 自动装配
SQL Server 远程更新目标表数据
HIbernate3.6 环境搭建
特殊符号正则表达式
【Linux】第一章 进程的理解
843. n-皇后问题(dfs+输出各种情况)
空间数据库2
每日归档
更多
2024-04-26(39)
2024-04-25(22)
2024-04-24(36)
2024-04-23(26)
2024-04-22(39)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)
2024-04-17(5)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022