Theory + experiment-Nginx service (Nginx installation, Nginx access control)

Preface

Among various web server software, in addition to Apache HTTP Server, there is also a lightweight HTTP server software—Nginx. Its stable and efficient features are gradually recognized by more and more users.
Its source code is licensed as BSD. It is known for its stability, rich feature set, sample configuration files, and low consumption of system resources.
Features: less memory and strong concurrency

1. Nginx service foundation

1.1. About Nginx

Overview:
Nginx is a high-performance HTTP and reverse proxy server, as well as an IMAP/POP3/SMTP proxy server.
Nginx is a lightweight web server/reverse proxy server and email proxy server, and is issued under a BSD-like protocol. Developed by Russian programmer lgor Sysoev, it is used by Russia's large portal and search engine Rambler. Its characteristics are that it occupies less memory and has strong concurrency. In fact, the concurrency of nginx does perform better in the same type of web server.
Compared with Apache\lighttpd, Nginx has the advantages of less memory and higher stability, and is known for its strong concurrency, rich module library and friendly and flexible configuration. Under the Linux operating system, nginx uses the epoll event model. Thanks to this, nginx is quite efficient under the Linux operating system. At the same time, Nginx uses an efficient event model kqueue similar to Epoll on the OpenBSD or FreeBSD operating system. A
high-performance, lightweight web service software

• High stability
• Low system resource consumption
• High processing capacity for HTTP concurrent connections
• A single physical server can support 30,000 to 50,000 concurrent requests
• Occupies less memory and has strong concurrency

1.2, install Nginx

[root@localhost ~]# yum -y install gcc gcc-c++ make pcre-devel zlib-devel
[root@localhost ~]# useradd -M -s /sbin/nologin nginx
[root@localhost ~]# tar xf nginx-1.15.9.tar.gz
[root@localhost ~]# cd nginx-1.15.9/
[root@localhost nginx-1.15.9]# ./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@localhost nginx-1.15.9]# make -j3
[root@localhost nginx-1.15.9]# make install
[root@localhost nginx-1.15.9]# ln -s /usr/local/nginx/sbin/nginx  /usr/local/sbin
[root@localhost nginx-1.15.9]# ls -l /usr/local/sbin/nginx
lrwxrwxrwx 1 root root 27 Sep  3 02:59 /usr/local/sbin/nginx -> /usr/local/nginx/sbin/nginx
[root@localhost nginx-1.15.9]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost nginx-1.15.9]# nginx
[root@localhost nginx-1.15.9]# netstat -anpt | grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      78877/nginx: master 
[root@localhost ~]# yum -y install psmisc        ###最小安装没有killall令需要安装 
[root@localhost ~]# killall -s HUP nginx  ## 重载Nginx配置文件（相当于刷新）
[root@localhost ~]# killall -s QUIT nginx  ## 退出 Nginx

In order to make the Nginx service start, stop, reload and other operations more convenient, you can write the
Nginx service control file based on CentOs 7.6 and use the systemctl tool to manage it. The management habits of the CentOS7.6 system

[root@localhost ~]# vi /lib/systemd/system/nginx.service
[Unit]
Description=nginx   ###描述
After=network.target    ####描述服务类别
[Service]
Type=forking    ###后台运行形式
PIDFile=/usr/local/nginx/logs/nginx.pid   ###PID文件位置  
ExecStart=/usr/local/nginx/sbin/nginx    ###启动服务
ExecReload=/usr/bin/kill -s HUP $MAINPID  ###根据PID重载配置
ExecStop=/usr/bin/kill -s QUIT $MAINPID  ###根据PID终止进程
PrivateTmp=true
[Install]
WantedBy=multi-user.target
==>> wq 保存
[root@localhost ~]# chmod 754 /lib/systemd/system/nginx.service 
[root@localhost ~]# systemctl enable nginx.service 
[root@localhost ~]# systemctl start nginx  ## 这样我们就可以用这种方法来开启 Nginx 了

Note: Use the killall command to shut down the nginx service before using the systemctl command to start nginx

[root@localhost ~]# killall -s QUIT nginx

test:

1.3, configuration file nginx.conf

Global configuration

[root@localhost nginx-1.15.9]# vi /usr/local/nginx/conf/nginx.conf
#user  nobody;
worker_processes  1;
#error_log  logs/error.log;
#pid        logs/nginx.pid;

I/O time configuration

[root@localhost nginx-1.15.9]# vi /usr/local/nginx/conf/nginx.conf
events {
    
    
    use epoll;
    worker_connections  4096;
}

HTTP configuration

http {
    
    
  . . . . . . . . . . . . 
    access_log  logs/access.log  main;
    sendfile        on;
    . . . . . . . . 
    keepalive_timeout  65;
    . . . . . . . . 
    server {
    
    
        listen       80;
        server_name  www.51xit.top;
        charset utf-8;
         . . . . . . . . 
        location / {
    
    
            root   html;
            index  index.html index.php;
        }
                . . . . . . . . 
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
    
    
            root   html;
        }

Nginx access status statistics

• Enable HTTP_ STUB_ STATUS status statistics module
• Add --with-http stub status module when configuring compilation parameters
• nginx -V Check whether the installed Nginx contains the HTTP_ STUB _STATUS module

[root@localhost nginx-1.15.9]# nginx -V
nginx version: nginx/1.15.9
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) 
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module

Modify the nginx.conf configuration file

http{
    
    
	server {
    
    
		listen 80;
		server name localhost;
		charset utf-8;
		location / {
    
    
			root html;
			index index.html index.htm;
        }
		location ~/status {
    
    		##添加此段##
			stub_status on;
			access_log off;}

Test:
Enter 20.0.0.11/status in windows to view the current status statistics

Two, Nginx access control

2.1, authorization-based access control

Generate user password authentication file

[root@localhost ~]# yum install -y httpd-tools	##因为没有htpasswd工具，所以需要安装##
[root@localhost ~]# htpasswd -c /usr/local/nginx/.passwd.db test
New password:
Re-type new password:
Adding password for user test
root@localhost ~]# cat /usr/local/nginx/.passwd.db
test:$apr1$x.UaSXIM$RRLa2KJcKwsGBVsikGcrR/

Modify the main configuration file to the corresponding directory, add authentication configuration items

[root@localhost ~]# chmod 400 /usr/local/nginx/.passwd.db
[root@localhost ~]# chown nginx /usr/local/nginx/.passwd.db
[root@localhost ~]# ll -d /usr/local/nginx/.passwd.db
-r------- 1 nginx root43 5月16 22:26
/usr/local/nginx/.passwd.db

Restart service, access test

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
server {
    
    
	location / {
    
    
		auth_basic "secret";
		auth_basic_user_file /usr/local/nginx/.passwd.db;
	}
[root@localhost ~]# killall -s HUP nginx	

After logging in, welcome to nginx will appear!

2.2. Client-based access control

Through the client IP address, decide whether to allow page access
configuration rules:

• deny IP/IP segment: deny client access to a certain IP or IP segment
• allow IP/IP segment: Allow client access of a certain IP or IP segment

The rule is executed from top to bottom, if it is matched, it will stop, and no further matching
configuration steps:

• Modify the main configuration file nginx.conf and add corresponding configuration items
• Allow other clients access except host 20.0.0.1

[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
location / {
    
    
            Order deny,allow;
            Deny from 20.0.0.1;
        }
[root@localhost ~]# killall -s HUP nginx

Enter 20.0.0.25 in the browser, I can’t log in