Nginx web services - basic services and access control

Nginx Brief

Nginx is a high performance, lightweight web services software, high stability, low system resources consumption, high processing power of the HTTP concurrent connections (single physical server can support concurrent requests 30,000 to 50,000).

Nginx commonly used commands

nginx -t                    检查配置文件语法
nginx                       启动nginx服务
killall -3 nginx            停止nginx服务
killall -s QUIT nginx       停止nginx服务
killall -s HUP nginx        重载nginx服务
killall -1 nginx            重载nginx服务

lab environment

1. Basic source package (no password): https://pan.baidu.com/s/14WvcmNMC6CFX1SnjHxE7JQ
2.CentOS 7 version of Linux virtual machines

Experimental Procedure

The first step: get a remote source packages on Windows, Linux and mount onto the

[root@localhost ~]# smbclient -L //192.168.235.1
Enter SAMBA\root's password: 
Sharename       Type      Comment
---------       ----      -------
LNMP            Disk  

[root@localhost ~]# mkdir /abc
[root@localhost ~]# mount.cifs //192.168.235.1/LNMP /abc
Password for root@//192.168.235.1/LNMP:  
[root@localhost ~]# ls /abc
Discuz_X3.4_SC_UTF8.zip    nginx-1.12.0.tar.gz  php-7.1.10.tar.bz2
mysql-boost-5.7.20.tar.gz  nginx-1.12.2.tar.gz  php-7.1.20.tar.gz

The second step: extract the source package

[root@localhost ~]# cd /abc
[root@localhost abc]# tar zxvf nginx-1.12.0.tar.gz -C /opt
[root@localhost abc]# ls /opt
nginx-1.12.0  rh

Step three: Download and install the compiler Package

[root@localhost abc]# cd /opt
[root@localhost opt]# yum install -y \
> gcc \             //C语言
> gcc-c++ \         //c++语言
> pcre-devel \      //pcre语言工具
> zlib-devel        //压缩函数库

Step Four: Create the user program and configure Nginx services related components

[root@localhost opt]# useradd -M -s /sbin/nologin nginx
//创建程序用户nginx,并限定其不可登录终端
[root@localhost opt]# cd nginx-1.12.0/
[root@localhost nginx-1.12.0]# ./configure \            
//配置nginx
> --prefix=//usr/local/nginx \      
//指定安装路径                        
> --user=nginx \
//指定用户名
> --group=nginx \
//指定用户所属组
> --with-http_stub_status_module
//安装状态统计模块

Step five: Compiling and Installing Nginx

[root@localhost nginx-1.12.0]# make && make install

Step Six: Nginx optimization service startup script, and establish command soft connection

[root@localhost nginx-1.12.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ 
//创建nginx服务命令软链接到系统命令
[root@localhost nginx-1.12.0]# systemctl stop firewalld.service 
//关闭防火墙
[root@localhost nginx-1.12.0]# setenforce 0
//关闭增强型安全功能
[root@localhost nginx-1.12.0]# nginx 
//输入nginx 开启服务
[root@localhost nginx-1.12.0]# netstat -ntap | grep 80      //查看服务的80 端口,显示已开启
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      7520/nginx: master  

Step 7: Use a browser to access 192.168.235.158, you can visit the home page Nginx services

Eighth step: making service management script

[root@localhost nginx-1.12.0]# cd /etc/init.d/
//切入启动配置文件目录

#!/bin/bash
# chkconfig: - 99 20                                    
##注释信息
# description: Nginx Service Control Script
PROG="/usr/local/nginx/sbin/nginx"           
##设置变量为nginx命令文件
PIDF="/usr/local/nginx/logs/nginx.pid"       
##设置变量PID文件 进程号为5346
case "$1" in  
    start)
        $PROG                                              ##开启服务
        ;;
    stop)
        kill -s QUIT $(cat $PIDF)                   ##关闭服务
        ;;
    restart)                                                  ##重启服务
        $0 stop
        $0 start
        ;;
    reload)                                                  ##重载服务
        kill -s HUP $(cat $PIDF)
        ;;
    *)                                                          ##错误输入提示
                echo "Usage: $0 {start|stop|restart|reload}"
                exit 1
esac
exit 0

[root@localhost init.d]# chmod +x nginx    
//授予nginx执行权限
[root@localhost init.d]# chkconfig --add nginx    
//将nginx添加到service管理器
[root@localhost init.d]# service nginx stop               
//使用service控制nginx服务停止
[root@localhost init.d]# service nginx start
//使用service控制nginx服务启动

---

---

Nginx access to state statistics

Enabling HTTP STUB _status state statistics module
● add --with-http_ compile time configuration parameters Stub Status Module
(previously we have in passing statistics module installed)
● nginx -V View installed Nginx contains HTTP STUB_ _status module

The first step: Modify Nginx.conf profile

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
//编辑Nginx.conf配置文件
 35     server {
 36         listen       80;
 37         server_name  www.bdqn.com;
//在第37行指定域名
 39         charset utf-8;
//更改第39 行的内容,使其支持utf-8(中文字符集)

 43         location / {
 44             root   html;
 45             index  index.html index.htm;
 46         }
//在第46行下添加状态统计参数
         location /status {
              stub_status on;
              ##统计模块开启
              access_log off;
              ##访问日志关闭
          }     

Step 2: Install and configure the DNS service

[root@localhost ~]# yum -y install bind
//安装DNS服务的bind包
[root@localhost ~]# vim /etc/named.conf 
//编辑主配置文件

options {
        listen-on port 53 { any; };
        ##将监听地址127.0.0.1替换为any,
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
        ##将授权localhost替换为any

[root@localhost ~]# vim /etc/named.rfc1912.zones 
//编辑区域配置文件

zone "bdqn.com" IN {        type master;
##将localhost替换为域名bdqn.com
        file "bdqn.com.zone";
        ##指定区域数据配置文件bdqn.com.zone
        allow-update { none; };
};      

[root@localhost ~]# cd /var/named
[root@localhost named]# cp -p named.localhost bdqn.com.zone   
//复制区域数据配置文件模板为bdqn.com.zone
[root@localhost named]# vim bdqn.com.zone 
//编辑区域数据配置文件
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
www IN  A       192.168.235.158
##删除原来末行的内容,添加域名解析地址为本机地址

[root@localhost named]# systemctl start named   
//开启dns服务
[root@localhost named]# systemctl stop firewalld.service    
//关闭防火墙
[root@localhost named]# setenforce 0   
//关闭增强型安全功能

Step 3: Enable the virtual machine to test a state visit WIndows statistical system

---

---

Nginx access control authorization

1. Generate user-password authentication file
2. Modify the main configuration file to the appropriate directory and add the authentication configuration item
3. Restart the service, access the test

The first step: Modify Nginx.conf profile

[root@localhost named]# vim /usr/local/nginx/conf/nginx.conf
//编辑Nginx.conf配置文件

       location / {
                auth_basic "secret";
                ##验证类型为秘密
                auth_basic_user_file /usr/local/nginx/passwd.db;
                ##指明验证文件路径
            root   html;
            index  index.html index.htm;
        }

Step 2: Install httpd-tools kit, and specify a user name and password

[root@localhost named]# yum install httpd-tools -y
//安装httpd-tools工具包
[root@localhost named]# htpasswd -c /usr/local/nginx/passwd.db test  
##创建test用户密码认证文件
New password: 
##输入密码
Re-type new password: 
##确认输入密码
Adding password for user test
[root@localhost named]# cat /usr/local/nginx/passwd.db
##查看密码文件信息
test:$apr1$mOje4UYz$BvRBABTcQB9XRG0SCCToZ1
[root@localhost named]# killall -1 nginx
//重载nginx服务

The third step: Use the tester to verify the effect of access control authorization

These are all of the contents of this website Nginx service, thank you to read !!!