2018-09-20
Published: 2020-12-15 23:26:40 | Category: Security | Source: compiled from the web
12.7 Default virtual host

    [root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf    # add: include vhost/*.conf;
    [root@localhost ~]# mkdir /usr/local/nginx/conf/vhost
    [root@localhost ~]# cd !$ ; vim default.conf    # add the following content

    server {
        listen 80 default_server;    # this flag marks the default virtual host
        server_name aaa.com;
        index index.html index.htm index.php;
        root /data/wwwroot/default;
    }

    [root@localhost ~]# mkdir -p /data/wwwroot/default/
    [root@localhost ~]# echo "This is a default site." > /data/wwwroot/default/index.html
    [root@localhost ~]# chcon -R -t httpd_sys_content_t /data/wwwroot/
    [root@localhost ~]# firewall-cmd --permanent --add-service=http
    success
    [root@localhost ~]# firewall-cmd --permanent --add-service=https
    success
    [root@localhost ~]# firewall-cmd --reload
    success
    [root@localhost ~]# /usr/local/nginx/sbin/nginx -t    # test the configuration file for errors
    [root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload    # reload the configuration file

12.8 Nginx user authentication

    [root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf

    server {
        listen 80;
        server_name test.com;
        index index.html index.htm index.php;
        root /data/wwwroot/test.com;
        location / {
            auth_basic "Auth";
            auth_basic_user_file /usr/local/nginx/conf/htpasswd;
        }
    }

    [root@localhost ~]# mkdir /data/wwwroot/test.com
    [root@localhost ~]# yum install -y httpd
    [root@localhost ~]# htpasswd -c /usr/local/nginx/conf/htpasswd aming
    New password:
    Re-type new password:
    Adding password for user aming
    [root@localhost ~]# /usr/local/nginx/sbin/nginx -t
    [root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
    [root@localhost ~]# curl -x127.0.0.1:80 test.com -I
    HTTP/1.1 401 Unauthorized
    Server: nginx/1.15.3
    Date: Thu, 20 Sep 2018 07:26:53 GMT
    Content-Type: text/html
    Content-Length: 195
    Connection: keep-alive
    WWW-Authenticate: Basic realm="Auth"

    [root@localhost ~]# curl -uaming:aming -x127.0.0.1:80 test.com -I
    HTTP/1.1 200 OK
    Server: nginx/1.15.3
    Date: Thu, 20 Sep 2018 07:27:15 GMT
    Content-Type: text/html
    Content-Length: 5
    Last-Modified: Thu, 20 Sep 2018 07:26:17 GMT
    Connection: keep-alive
    ETag: "5ba34b99-5"
    Accept-Ranges: bytes

12.9 Nginx domain redirection

    [root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf

    server {
        listen 80;
        server_name test.com test1.com test2.com;
        index index.html index.htm index.php;
        root /data/wwwroot/test.com;
        if ($host != 'test.com' ) {
            # permanent is a permanent redirect (status code 301); redirect gives 302
            rewrite ^/(.*)$ http://test.com/$1 permanent;
        }
    }

    [root@localhost ~]# /usr/local/nginx/sbin/nginx -t
    [root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
    [root@localhost default]# curl -x127.0.0.1:80 test2.com -I
    HTTP/1.1 301 Moved Permanently
    Server: nginx/1.15.3
    Date: Thu, 20 Sep 2018 08:20:36 GMT
    Content-Type: text/html
    Content-Length: 185
    Connection: keep-alive
    Location: http://test.com/

12.10 Nginx access log

    [root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf

    ...
    log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
        ' $host "$request_uri" $status'
        ' "$http_referer" "$http_user_agent"';
    ...

    [root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf

    server {
        listen 80;
        server_name test.com test1.com test2.com;
        index index.html index.htm index.php;
        root /data/wwwroot/test.com;
        if ($host != 'test.com' ) {
            rewrite ^/(.*)$ http://test.com/$1 permanent;
        }
        access_log /tmp/test.com.log combined_realip;    # format name must match the one in nginx.conf
    }

    [root@localhost ~]# /usr/local/nginx/sbin/nginx -t
    [root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
    [root@localhost ~]# cat /tmp/test.com.log
    127.0.0.1 - [20/Sep/2018:16:33:55 +0800] test2.com "/" 301 "-" "curl/7.29.0"
    127.0.0.1 - [20/Sep/2018:16:35:05 +0800] test2.com "/" 301 "-" "curl/7.29.0"
    127.0.0.1 - [20/Sep/2018:16:38:29 +0800] test.com "/" 200 "-" "curl/7.29.0"

12.11 Nginx log rotation

    [root@localhost ~]# vim /usr/local/sbin/nginx_log_rotate.sh    # write the following content

    #!/bin/bash
    ## Assume the nginx logs are stored under /data/logs/
    d=`date -d "-1 day" +%Y%m%d`
    logdir="/data/logs"
    nginx_pid="/usr/local/nginx/logs/nginx.pid"
    # Stop if the log directory is missing, so nothing is renamed elsewhere
    cd "$logdir" || exit 1
    for log in *.log
    do
        [ -e "$log" ] || continue    # no *.log files present
        mv "$log" "$log-$d"
    done
    # Signal the nginx master process so it reopens its log files
    /bin/kill -HUP `cat "$nginx_pid"`

    [root@localhost ~]# crontab -e -u root
    0 0 * * * /bin/bash /usr/local/sbin/nginx_log_rotate.sh

12.12 No logging and expiry time for static files

    [root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf

    server {
        listen 80;
        server_name test.com test1.com test2.com;
        index index.html index.htm index.php;
        root /data/wwwroot/test.com;
        if ($host != 'test.com' ) {
            rewrite ^/(.*)$ http://test.com/$1 permanent;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
            expires 7d;
            access_log off;
        }
        location ~ .*\.(js|css)$ {
            expires 12h;
            access_log off;
        }
        access_log /tmp/test.com.log combined_realip;    # format name must match the one in nginx.conf
    }

    [root@localhost ~]# /usr/local/nginx/sbin/nginx -t
    [root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload

12.13 Nginx anti-hotlinking

    [root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf

    server {
        listen 80;
        server_name test.com test1.com test2.com;
        index index.html index.htm index.php;
        root /data/wwwroot/test.com;
        if ($host != 'test.com' ) {
            rewrite ^/(.*)$ http://test.com/$1 permanent;
        }
        location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$ {
            expires 7d;
            valid_referers none blocked server_names *.test.com ;
            if ($invalid_referer) {
                return 403;
            }
            access_log off;
        }
        location ~ .*\.(js|css)$ {
            expires 12h;
            access_log off;
        }
        access_log /tmp/test.com.log combined_realip;    # format name must match the one in nginx.conf
    }

    [root@localhost ~]# /usr/local/nginx/sbin/nginx -t
    [root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload

12.14 Nginx access control

    [root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf

    ...
    location /admin/ {    # restrict a specific directory
        allow 192.168.31.1;
        allow 127.0.0.1;
        deny all;
    }
    location ~ .*(upload|image)/.*\.php$ {    # restrict by regex match
        deny all;
    }
    if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato') {    # restrict by user_agent
        return 403;    # deny all and return 403 have the same effect
    }
    ...

    [root@localhost ~]# /usr/local/nginx/sbin/nginx -t
    [root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload

12.15 Nginx configuration for parsing PHP

    [root@localhost ~]# vim /usr/local/nginx/conf/vhost/test.com.conf

    ...
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
    ...

12.16 Nginx proxy

    [root@localhost ~]# vim /usr/local/nginx/conf/vhost/proxy.conf

    server {
        listen 80;
        server_name ask.apelearn.com;
        location / {
            proxy_pass http://121.201.9.155/;    # IP of the server to connect to
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

Further reading

nginx.conf configuration explained
https://coding.net/u/aminglinux/p/nginx/git/tree/master/3z

The four nginx rewrite flags
http://unixman.blog.51cto.com/10163040/1711943
https://coding.net/u/aminglinux/p/nginx/git/blob/master/rewrite/break.md

Summary of 502 problems
http://ask.apelearn.com/question/9109

location priority
https://coding.net/u/aminglinux/p/nginx/git/blob/master/location/priority.md

(Editor: 李大同)
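
An added example, not part of the original notes: a Python parser for the combined_realip format from section 12.10 that counts response codes and flags clients with repeated 401 responses from the 12.8 Basic-auth location. The first two sample lines come from the page; the remaining lines, the threshold of 3 and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Field order follows the page's log_format combined_realip: $remote_addr
# $http_x_forwarded_for [$time_local] $host "$request_uri" $status "referer" "UA"
LINE_RE = re.compile(
    r'^(?P<remote_addr>\S+) (?P<xff>.*?) \[(?P<time_local>[^\]]+)\] '
    r'(?P<host>\S+) "(?P<request_uri>.*?)" (?P<status>\d{3}) '
    r'"(?P<referer>.*?)" "(?P<user_agent>.*)"$'
)

# First two lines are from the page; the rest are constructed for this example.
SAMPLE_LOG = """\
127.0.0.1 - [20/Sep/2018:16:33:55 +0800] test2.com "/" 301 "-" "curl/7.29.0"
127.0.0.1 - [20/Sep/2018:16:38:29 +0800] test.com "/" 200 "-" "curl/7.29.0"
203.0.113.7 10.0.0.1, 10.0.0.2 [20/Sep/2018:16:40:01 +0800] test.com "/" 401 "-" "curl/7.29.0"
203.0.113.7 10.0.0.9 [20/Sep/2018:16:40:02 +0800] test.com "/" 401 "-" "curl/7.29.0"
203.0.113.7 - [20/Sep/2018:16:40:03 +0800] test.com "/" 401 "-" "curl/7.29.0"
198.51.100.4 - [20/Sep/2018:16:41:10 +0800] test.com "/admin/" 403 "-" "Mozilla/5.0"
truncated or foreign line
"""


def parse_line(line):
    """Return the fields of one combined_realip line as a dict, or None."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def summarize(lines, threshold=3):
    """Count statuses and flag peers with >= threshold 401 responses."""
    statuses, failures, unparsed = Counter(), Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        statuses[rec["status"]] += 1
        if rec["status"] == 401:
            # Key on $remote_addr (the TCP peer). The X-Forwarded-For value is
            # sent by the client and can change freely between requests.
            failures[rec["remote_addr"]] += 1
    flagged = {ip: n for ip, n in failures.items() if n >= threshold}
    return {"statuses": dict(statuses), "flagged": flagged, "unparsed": unparsed}
```

The regex relies on nginx writing a `"` inside a logged variable as `\x22`, so a client-supplied header cannot close a quoted field early.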
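
An added example, not from the original notes: a simplified Python model of how nginx picks a location, applied to the locations that sections 12.13 to 12.15 put into test.com.conf, to check which /admin/ URIs actually reach the allow/deny block. The file order of the locations, the sample URIs and all function names are assumptions; nested and named locations are not modelled.

```python
import re

# Locations of the page's test.com.conf in the order sections 12.13-12.15
# introduce them (assumed file order); modifier "" is a plain prefix location.
PAGE_LOCATIONS = [
    ("~*", r"^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$"),
    ("~", r".*\.(js|css)$"),
    ("", "/admin/"),
    ("~", r".*(upload|image)/.*\.php$"),
    ("~", r"\.php$"),
]
# Same set with the ACL location marked ^~ so regex locations cannot override it.
HARDENED_LOCATIONS = [("^~", p) if p == "/admin/" else (m, p)
                      for m, p in PAGE_LOCATIONS]


def select_location(uri, locations):
    """Return the (modifier, pattern) nginx would choose for a normalized URI."""
    best = None
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)                      # exact match wins outright
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)                  # remember the longest prefix
    if best and best[0] == "^~":
        return best                                # ^~ skips the regex pass
    for mod, pat in locations:                     # regexes in file order
        if mod in ("~", "~*") and re.search(pat, uri, re.I if mod == "~*" else 0):
            return (mod, pat)
    return best


def acl_enforced(uri, locations):
    """True when the request is handled by the /admin/ allow/deny location."""
    chosen = select_location(uri, locations)
    return chosen is not None and chosen[1] == "/admin/"


def unprotected_admin_uris(uris, locations):
    """URIs under /admin/ that another location handles (ACL not applied)."""
    return [u for u in uris
            if u.startswith("/admin/") and not acl_enforced(u, locations)]


# Constructed sample URIs.
SAMPLE_URIS = ["/admin/", "/admin/index.php", "/admin/app.js", "/upload/a.php"]
```

On the page's configuration the regex locations win for /admin/index.php and /admin/app.js, so the allow/deny list is not applied to them. With `location ^~ /admin/` the prefix block handles every URI below it, and PHP there then needs its own nested `location ~ \.php$`.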