Nginx virtual host application, access status statistics and authorization-based access control

1. Nginx access status statistics

1.1 Install Nginx

[root@promote ~]#  useradd -s /sbin/nologin -M nginx
[root@promote ~]#  yum -y install pcre-devel zlib-devel gcc gcc-c++  pcre  make
[root@promote ~]# tar zxvf nginx-1.12.2.tar.gz 
[root@promote ~]# cd  nginx-1.12.2
[root@promote nginx-1.12.2]# ./configure  --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
[root@promote nginx-1.12.2]# make && make install

1.2 Optimize Nginx configuration

[root@promote nginx-1.12.2]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@promote nginx-1.12.2]# vim /etc/init.d/nginx 
#!/bin/bash
# chkconfig: - 99 20
# description:Nginx Service Control Script
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"
case "$1" in
 start)
        $PROG
        ;;
 stop)
        kill -s QUIT $(cat $PIDF)
        ;;
 restart)
        $0 stop
        $0 start
        ;;
 reload)
        kill -s HUP $(cat $PIDF)
        ;;
 *)
        echo "Usage: $0 {start|stop|restart|reload}"
        exit 1
 esac
exit 0
[root@promote nginx-1.12.2]# chmod +x /etc/init.d/nginx 

1.3 Configure Nginx configuration file

[root@promote nginx-1.12.2]#  vim /usr/local/nginx/conf/nginx.conf
    location /status {
    
    
        stub_status on;
        access_log off;
       }

1.4 Start Nginx service

[root@promote nginx-1.12.2]#  service nginx start
[root@promote nginx-1.12.2]#  netstat -atnp | grep "nginx"
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      12671/nginx: master

1.5 Access status information

• http://192.168.233.127/status
  

2. Authorization-based access control

2.1 Password file generation

[root@localhost ~]# yum -y install  httpd  ## 获取htpasswd命令
[root@localhost ~]# htpasswd -c /usr/local/nginx/passwd.db wlw
New password: 
Re-type new password: 
Adding password for user wlw
[root@localhost ~]# chown nginx  /usr/local/nginx/passwd.db 
[root@localhost ~]# chmod 400  /usr/local/nginx/passwd.db 

2.2 Nginx configuration file modification

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
     location / {
    
    
        auth_basic "secret";
        auth_basic_user_file /usr/local/nginx/passwd.db;
            root   html;
            index  index.html index.htm;
        }

2.3 Restart Nginx service

[root@localhost ~]# service nginx stop
[root@localhost ~]# service nginx start

2.4 Testing

• Visit 192.168.233.127
  
• Enter password to log in
  
• login successful
  

Three, the use of Nginx virtual host

3.1 Building a virtual host based on domain name

3.1.1 Modify Nginx service configuration file

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
 server {
    
    
      server_name www.kgc.com;
      location / {
    
    
        root /var/www/html/kgc;
        index index.html  index.php;
      }
 }

  server {
    
    
      server_name www.test.com;
      location / {
    
    
        root /var/www/html/test;
        index index.html  index.php;
      }
 }

3.1.2 Install dns resolution service

[root@localhost ~]# yum -y install bind

3.1.3 Modify dns service configuration

• Modify the dns main configuration file

[root@localhost ~]# vim /etc/named.conf
  listen-on port 53 {
    
     any; };
 allow-query     {
    
     any; };

• Modify zone configuration file

[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "kgc.com" IN {
    
    
        type master;
        file "kgc.com.zone";
        allow-update {
    
     none; };
};
zone "test.com" IN {
    
    
        type master;
        file "test.com.zone";
        allow-update {
    
     none; };
};

• Regional data configuration file modification

[root@localhost ~]# cd /var/named/
[root@localhost named]# cp -p named.localhost kgc.com.zone
[root@localhost named]# cp -p named.localhost test.com.zone

[root@localhost named]# vim kgc.com.zone 
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
www IN A       192.168.233.127
[root@localhost named]# vim test.com.zone 
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
www IN A       192.168.233.127
                              

3.1.4 Configure Nginx to access the page

[root@localhost named]# cd /var/www/html/
[root@localhost html]# mkdir test
[root@localhost html]# mkdir kgc
[root@localhost html]# cd kgc/
[root@localhost kgc]# vim index.html
<h1> this is kgc </h1>
[root@localhost kgc]# cd ../test
[root@localhost test]# vim index.html
<h1>this is test</h1>

3.1.5 Restart service

[root@localhost test]# systemctl start named
[root@localhost test]# service nginx stop
[root@localhost test]# service nginx start

3.1.6 Test

3.2 Building a virtual host based on ports

3.2.1 Modify Nginx configuration file

[root@promote ~]# vim /usr/local/nginx/conf/nginx.conf
  server {
    
    
      listen   192.168.233.127:80;
      server_name  192.168.233.127:80;
 }

  server {
    
    
      listen  192.168.233.127:8080;
      server_name 192.168.233.127:8080;
 }

3.2.2 Test

• Visit 192.168.233.127:80
  
• Access 192.168.233.127:8080

3.3 Build a host based on IP address

3.3.1 Add and configure dual network cards

[root@promote ~]# cd /etc/sysconfig/network-scripts/
[root@promote network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36
[root@promote network-scripts]# vim ifcfg-ens36
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens36
DEVICE=ens36
ONBOOT=yes
IPADDR=192.168.233.131
GATEWAY=192.168.233.2
NATMASK=225.255.255.0
DNS1=192.168.233.2
~
[root@promote network-scripts]# ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.233.127  netmask 255.255.255.0  broadcast 192.168.233.255
        inet6 fe80::3dad:302:3104:ef90  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:a8:53:ce  txqueuelen 1000  (Ethernet)
        RX packets 563179  bytes 837263934 (798.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 103260  bytes 6462659 (6.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.233.131  netmask 255.255.255.0  broadcast 192.168.233.255
        inet6 fe80::2801:3a55:2e5d:f6dc  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:a8:53:d8  txqueuelen 1000  (Ethernet)
        RX packets 69  bytes 6434 (6.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 84  bytes 12882 (12.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

3.3.2 Modify Nginx configuration file

[root@promote ~]# vim /usr/local/nginx/conf/nginx.conf
  server {
    
    
      listen   192.168.233.127:80;
      server_name  192.168.233.127:80;
 }

  server {
    
    
      listen  192.168.233.131:80;
      server_name 192.168.233.131:80;
 }
 [root@promote ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@promote ~]# service nginx stop
[root@promote ~]# service nginx start

3.3.3 Test

• Visit 192.168.233.127
  
• Access 192.168.233.131