linux 学习笔记-047-Nginx 安装,默认虚拟主机,Nginx 用户认证和域名重定向

发布于 2018-03-13  399 次阅读


Nginx 安装

[root@am-01:~#] cd /usr/local/src/

[root@am-01:/usr/local/src#] wget http://nginx.org/download/nginx-1.12.1.tar.gz

--2018-03-13 23:02:59--  http://nginx.org/download/nginx-1.12.1.tar.gz

正在解析主机 nginx.org (nginx.org)... 206.251.255.63, 95.211.80.227, 2606:7100:1:69::3f, ...

正在连接 nginx.org (nginx.org)|206.251.255.63|:80... 已连接。

已发出 HTTP 请求,正在等待回应... 200 OK

长度:981093 (958K) [application/octet-stream]

正在保存至: “nginx-1.12.1.tar.gz”



100%[========================================================>] 981,093     45.2KB/s 用时 13s   



2018-03-13 23:03:18 (76.4 KB/s) - 已保存 “nginx-1.12.1.tar.gz” [981093/981093])

#下载 nginx-1.12.1 的包
[root@am-01:/usr/local/src#] tar zxvf nginx-1.12.1.tar.gz

[root@am-01:/usr/local/src/nginx-1.12.1#] ./configure --prefix=/usr/local/nginx

[root@am-01:/usr/local/src/nginx-1.12.1#] make

[root@am-01:/usr/local/src/nginx-1.12.1#] make install

[root@am-01:/usr/local/src/nginx-1.12.1#] ls /usr/local/nginx/

conf  html  logs  sbin

[root@am-01:/usr/local/src/nginx-1.12.1#] ls /usr/local/nginx/conf/

fastcgi.conf            koi-utf             nginx.conf           uwsgi_params

fastcgi.conf.default    koi-win             nginx.conf.default   uwsgi_params.default

fastcgi_params          mime.types          scgi_params          win-utf

fastcgi_params.default  mime.types.default  scgi_params.default

[root@am-01:/usr/local/src/nginx-1.12.1#] ls /usr/local/nginx/html/

50x.html  index.html

[root@am-01:/usr/local/src/nginx-1.12.1#] ls /usr/local/nginx/logs/

[root@am-01:/usr/local/src/nginx-1.12.1#] ls /usr/local/nginx/sbin/

nginx

[root@am-01:/usr/local/src/nginx-1.12.1#] /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

#解压并安装 nginx.conf 存放的是配置文件,html 存放的是样例文件,logs 存放的是日志文件,sbin 存放的是进程,sbin 目录下 nginx 的-t 参数可以查看配置文件是否有错误
[root@am-01:/usr/local/src/nginx-1.12.1#] vim /etc/init.d/nginx

  #!/bin/bash

  # chkconfig: - 30 21

  # description: http service.

  # Source Function Library

  . /etc/init.d/functions

  # Nginx Settings

  NGINX_SBIN="/usr/local/nginx/sbin/nginx"

  NGINX_CONF="/usr/local/nginx/conf/nginx.conf"

  NGINX_PID="/usr/local/nginx/logs/nginx.pid"

  RETVAL=0

  prog="Nginx"

  start()

  {

      echo -n $"Starting $prog: "

      mkdir -p /dev/shm/nginx_temp

      daemon $NGINX_SBIN -c $NGINX_CONF

      RETVAL=$?

      echo

      return $RETVAL

  }

  stop()

  {

      echo -n $"Stopping $prog: "

      killproc -p $NGINX_PID $NGINX_SBIN -TERM

      rm -rf /dev/shm/nginx_temp

      RETVAL=$?

      echo

      return $RETVAL

  }

  reload()

  {

      echo -n $"Reloading $prog: "

      killproc -p $NGINX_PID $NGINX_SBIN -HUP

      RETVAL=$?

      echo

      return $RETVAL

  }

  restart()

  {

      stop

      start

  }

  configtest()

  {

      $NGINX_SBIN -c $NGINX_CONF -t

      return 0

  }

  case "$1" in

    start)

          start

          ;;

    stop)

          stop

          ;;

    reload)

          reload

          ;;

    restart)

          restart

          ;;

    configtest)

          configtest

          ;;

    *)

          echo $"Usage: $0 {start|stop|reload|restart|configtest}"

          RETVAL=1

  esac

  exit $RETVAL

[root@am-01:/usr/local/src/nginx-1.12.1#] chmod 755 /etc/init.d/nginx

[root@am-01:/usr/local/src/nginx-1.12.1#] chkconfig --add nginx

[root@am-01:/usr/local/src/nginx-1.12.1#] chkconfig nginx on

#编辑 nginx 的启动脚本文件,设置权限为 755,把 nginx 加入系统服务项,设置为开机自启动
[root@am-01:/usr/local/src/nginx-1.12.1#] cd /usr/local/nginx/conf/

[root@am-01:/usr/local/nginx/conf#] mv nginx.conf nginx.conf.bak

[root@am-01:/usr/local/nginx/conf#] vim nginx.conf

  user nobody nobody;

#定义启动 nginx 服务的用户

  worker_processes 2;

#定义子进程有几个

  error_log /usr/local/nginx/logs/nginx_error.log crit;

  pid /usr/local/nginx/logs/nginx.pid;

#定义错误日志和 PID

  worker_rlimit_nofile 51200;

#定义最多能打开多少个文件

  events

  {

      use epoll;

#使用 epoll 模式

      worker_connections 6000;

#定义进程最多有多少个连接

  }

  http

  {

      include mime.types;

      default_type application/octet-stream;

      server_names_hash_bucket_size 3526;

      server_names_hash_max_size 4096;

      log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'

      ' $host "$request_uri" $status'

      ' "$http_referer" "$http_user_agent"';

      sendfile on;

      tcp_nopush on;

      keepalive_timeout 30;

      client_header_timeout 3m;

      client_body_timeout 3m;

      send_timeout 3m;

      connection_pool_size 256;

      client_header_buffer_size 1k;

      large_client_header_buffers 8 4k;

      request_pool_size 4k;

      output_buffers 4 32k;

      postpone_output 1460;

      client_max_body_size 10m;

      client_body_buffer_size 256k;

      client_body_temp_path /usr/local/nginx/client_body_temp;

      proxy_temp_path /usr/local/nginx/proxy_temp;

      fastcgi_temp_path /usr/local/nginx/fastcgi_temp;

      fastcgi_intercept_errors on;

      tcp_nodelay on;

      gzip on;

      gzip_min_length 1k;

      gzip_buffers 4 8k;

      gzip_comp_level 5;

      gzip_http_version 1.1;

      gzip_types text/plain application/x-javascript text/css text/htm

      application/xml;

      server

      {

          listen 80;

          server_name localhost;

#域名

          index index.html index.htm index.php;

          root /usr/local/nginx/html;

#网站根目录

          location ~ \.php$

          {

              include fastcgi_params;

              fastcgi_pass unix:/tmp/php-fcgi.sock;

#指定 php-fpm 服务的监听端口或监听 sock,可以写成"fastcgi_pass 127.0.0.1:9000;"

              fastcgi_index index.php;

              fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;

          }   

#这部分用来解析 php

      }

#每一个 server 对应一个虚拟主机,server 这块必须要有

  }

#备份原来的配置文件并自定义 nginx 配置文件
[root@am-01:/usr/local/nginx/conf#] /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@am-01:/usr/local/nginx/conf#] service nginx start

Starting nginx (via systemctl):  Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

                                                           [失败]

[root@am-01:/usr/local/nginx/conf#] ps -aux | grep httpd

root      60820  0.0  0.0 263184   756 ?        Ss   2 月 28   1:01 /usr/local/apache2.4/bin/httpd

daemon    85992  0.0  0.0 617660   428 ?        Sl   3 月 08   0:00 /usr/local/apache2.4/bin/httpd

daemon    85993  0.0  0.0 550012   380 ?        Sl   3 月 08   0:00 /usr/local/apache2.4/bin/httpd

daemon    85994  0.0  0.0 617660   540 ?        Sl   3 月 08   0:00 /usr/local/apache2.4/bin/httpd

root      88358  0.0  0.0 112680   980 pts/1    S+   00:00   0:00 grep --color=auto httpd

[root@am-01:/usr/local/nginx/conf#] /usr/local/apache2.4/bin/apachectl stop

[root@am-01:/usr/local/nginx/conf#] ps -aux | grep httpd

root      88420  0.0  0.0 112676   980 pts/1    S+   00:01   0:00 grep --color=auto httpd

[root@am-01:/usr/local/nginx/conf#] service nginx start

Starting nginx (via systemctl):                            [  确定  ]

[root@am-01:/usr/local/nginx/conf#] ps -aux | grep nginx

root      88450  0.0  0.0  20500   620 ?        Ss   00:01   0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

nobody    88451  0.0  0.3  22944  3208 ?        S    00:01   0:00 nginx: worker process

nobody    88452  0.0  0.3  22944  3208 ?        S    00:01   0:00 nginx: worker process

root      88454  0.0  0.0 112676   980 pts/1    S+   00:02   0:00 grep --color=auto nginx

#测试一下配置文件是否正确,启动 nginx(我这里提示了一个错误,这是因为我启动了 httpd,把 80 端口占用了),可见有两个子进程且用户为 nobody,父进程用户为 root
[root@am-01:/usr/local/nginx/conf#] curl localhost

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

    body {

        width: 35em;

        margin: 0 auto;

        font-family: Tahoma, Verdana, Arial, sans-serif;

    }

</style>

</head>

<body>

<h1>Welcome to nginx!</h1>

<p>If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.</p>



<p>For online documentation and support please refer to

<a href="http://nginx.org/">nginx.org</a>.<br/>

Commercial support is available at

<a href="http://nginx.com/">nginx.com</a>.</p>



<p><em>Thank you for using nginx.</em></p>

</body>

</html>

#使用 curl 测试也可以见到 nginx 已经正常运行
[root@am-01:/usr/local/nginx/conf#] cd /usr/local/nginx/html/

[root@am-01:/usr/local/nginx/html#] vim 1.php

  <?php

  phpinfo();

  ?>

#新建一个 1.php 的页面,然后到客户端浏览器测试

在客户端浏览器测试,可以见到,已经能正常解析 php 页面

images

Nginx 默认虚拟主机

[root@am-01:/usr/local/nginx/html#] cd ../conf/

[root@am-01:/usr/local/nginx/conf#] vim nginx.conf

  include vhost/*.conf

#删除 server 那一部分,替换为"include vhost/*.conf",注意要放到 http 里面
[root@am-01:/usr/local/nginx/conf#] pwd

/usr/local/nginx/conf

[root@am-01:/usr/local/nginx/conf#] mkdir vhost

[root@am-01:/usr/local/nginx/conf#] cd vhost/

[root@am-01:/usr/local/nginx/conf/vhost#] vim aaa.com.conf

  server

  {

      listen 80 default_server;

#监听 80 端口,有"default_server",意味着是一个默认虚拟主机

      server_name aaa.com;

#指定 servername

      index index.html index.htm index.php;

#设置索引页 

    root /data/wwwroot/default;

#设置站点文件夹

  }

#在 conf 目录下新建 vhost 目录,在这个目录下新建一个虚拟主机配置文件叫 aaa.com.conf,同时写入一些配置
[root@am-01:/usr/local/nginx/conf/vhost#] cd /data/wwwroot/

[root@am-01:/data/wwwroot#] mkdir default

[root@am-01:/data/wwwroot#] vim default/index.html

  This is the default site.

[root@am-01:/data/wwwroot#] /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@am-01:/data/wwwroot#] /usr/local/nginx/sbin/nginx -s reload

[root@am-01:/data/wwwroot#] curl localhost

This is the default site.

#在对应目录下创建目录,并新建 index.html 做测试,其中-t 是检查配置文件是否有错误,-s reload 是重载配置文件,最后使用 curl 测试是都配置成功

知识点:

01:nginx.conf 支持 include 语法

02:vhost/目录下第一个配置文件即为默认虚拟主机,也可以在虚拟主机配置文件中添加 default_server 来指定哪个配置文件是默认虚拟主机

Nginx 用户认证

[root@am-01:/data/wwwroot#] cd /usr/local/nginx/conf/vhost/

[root@am-01:/usr/local/nginx/conf/vhost#] vim test.com.conf

  server

  {

      listen 80;

      server_name test.com;

      index index.html index.htm index.php;

      root /data/wwwroot/test.com;

   

      location  /

      {

          auth_basic "Auth";

#定义用户认证的名字

          auth_basic_user_file /usr/local/nginx/conf/htpasswd;

#定义用户名密码的文件

      }

  }

#新建"test.com.conf",做一些设置
[root@am-01:/usr/local/nginx/conf/vhost#] /usr/local/apache2.4/bin/htpasswd -c /usr/local/nginx/conf/htpasswd am

New password:

Re-type new password:

Adding password for user am

[root@am-01:/usr/local/nginx/conf/vhost#] /usr/local/apache2.4/bin/htpasswd /usr/local/nginx/conf/htpasswd am01

New password:

Re-type new password:

Adding password for user am01

[root@am-01:/usr/local/nginx/conf/vhost#] cat /usr/local/nginx/conf/htpasswd

am:$apr1$p3uBr9tJ$lsLWiTfXqFys.dafif6wQ/

am01:$apr1$VckuJUZx$ckbKa53BZqpxXP1qQ5Idr.

[root@am-01:/usr/local/nginx/conf/vhost#] /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@am-01:/usr/local/nginx/conf/vhost#] /usr/local/nginx/sbin/nginx -s reload

#创建用户,第二次创建用户的时候不需要-c 参数,要不然会重置整个文件夹,测试配置文件是否有错误并重新加载配置文件(重载配置文件有个好处,即就算配置文件写错了,那么重载就不会生效,从而不影响原有的服务)
[root@am-01:/usr/local/nginx/conf/vhost#] mkdir /data/wwwroot/test.com/

[root@am-01:/usr/local/nginx/conf/vhost#] touch /data/wwwroot/test.com/index.html

[root@am-01:/usr/local/nginx/conf/vhost#] curl -x127.0.0.1:80 -u am:itsupport.0 test.com -I

HTTP/1.1 200 OK

Server: nginx/1.12.1

Date: Tue, 13 Mar 2018 16:51:39 GMT

Content-Type: text/html

Content-Length: 0

Last-Modified: Tue, 13 Mar 2018 16:51:36 GMT

Connection: keep-alive

ETag: "5aa80198-0"

Accept-Ranges: bytes

#创建对应目录,创建 index.html 文件,测试,正常
[root@am-01:/usr/local/nginx/conf/vhost#] vim test.com.conf

  location  /admin/

[root@am-01:/usr/local/nginx/conf/vhost#] /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@am-01:/usr/local/nginx/conf/vhost#] /usr/local/nginx/sbin/nginx -s reload

[root@am-01:/usr/local/nginx/conf/vhost#] curl -x127.0.0.1:80  test.com -I

HTTP/1.1 200 OK

Server: nginx/1.12.1

Date: Tue, 13 Mar 2018 16:54:08 GMT

Content-Type: text/html

Content-Length: 0

Last-Modified: Tue, 13 Mar 2018 16:51:36 GMT

Connection: keep-alive

ETag: "5aa80198-0"

Accept-Ranges: bytes

[root@am-01:/usr/local/nginx/conf/vhost#] curl -x127.0.0.1:80  test.com/admin/ -I

HTTP/1.1 401 Unauthorized

Server: nginx/1.12.1

Date: Tue, 13 Mar 2018 17:00:50 GMT

Content-Type: text/html

Content-Length: 195

Connection: keep-alive

WWW-Authenticate: Basic realm="Auth"

[root@am-01:/usr/local/nginx/conf/vhost#] curl -x127.0.0.1:80  -uam:itsupport.0 test.com/admin/ -I

HTTP/1.1 200 OK

Server: nginx/1.12.1

Date: Tue, 13 Mar 2018 17:01:19 GMT

Content-Type: text/html

Content-Length: 4

Last-Modified: Tue, 13 Mar 2018 16:55:57 GMT

Connection: keep-alive

ETag: "5aa8029d-4"

Accept-Ranges: bytes

#把 location 选项修改为目录/admin/,即可以限制访问/admin/目录
[root@am-01:/usr/local/nginx/conf/vhost#] vim test.com.conf

  location  ~ admin.php

[root@am-01:/usr/local/nginx/conf/vhost#] curl -x127.0.0.1:80  test.com/admin/ -I

HTTP/1.1 200 OK

Server: nginx/1.12.1

Date: Tue, 13 Mar 2018 17:03:25 GMT

Content-Type: text/html

Content-Length: 4

Last-Modified: Tue, 13 Mar 2018 16:55:57 GMT

Connection: keep-alive

ETag: "5aa8029d-4"

Accept-Ranges: bytes

[root@am-01:/usr/local/nginx/conf/vhost#] curl -x127.0.0.1:80  test.com/admin.php -I

HTTP/1.1 401 Unauthorized

Server: nginx/1.12.1

Date: Tue, 13 Mar 2018 17:03:30 GMT

Content-Type: text/html

Content-Length: 195

Connection: keep-alive

WWW-Authenticate: Basic realm="Auth"

[root@am-01:/usr/local/nginx/conf/vhost#] curl -x127.0.0.1:80  -uam:itsupport.0 test.com/admin.php -I

HTTP/1.1 404 Not Found

Server: nginx/1.12.1

Date: Tue, 13 Mar 2018 17:03:39 GMT

Content-Type: text/html

Content-Length: 169

Connection: keep-alive

#修改 location 选项修改为目录~ admin.php,即可针对页面做访问限制

Nginx 域名重定向

[root@am-01:/usr/local/nginx/conf/vhost#] vim test.com.conf

  server

  {

      listen 80;

      server_name test.com test2.com test3.com;

#nginx 的 server_name 后面支持写多个域名,这里要和 httpd 的做一个对比

      index index.html index.htm index.php;

      root /data/wwwroot/test.com;

      if ($host != 'test.com' ) {

          rewrite  ^/(.*)$  http://test.com/$1  permanent;

      }

#设置 rewrite 规则,和 apache 的域名跳转类似,^等于 http://$host,permanent 为永久重定向,状态码为 301,如果写 redirect 则为 302

      location  ~ admin.php

      {

          auth_basic "Auth";

          auth_basic_user_file /usr/local/nginx/conf/htpasswd;

      }

  }

#修改配置文件,添加域名跳转语句
[root@am-01:/usr/local/nginx/conf/vhost#] /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@am-01:/usr/local/nginx/conf/vhost#] /usr/local/nginx/sbin/nginx -s reload

[root@am-01:/usr/local/nginx/conf/vhost#] curl -x127.0.0.1:80 test2.com/admin -I

HTTP/1.1 301 Moved Permanently

Server: nginx/1.12.1

Date: Tue, 13 Mar 2018 17:12:53 GMT

Content-Type: text/html

Content-Length: 185

Connection: keep-alive

Location: http://test.com/admin

[root@am-01:/usr/local/nginx/conf/vhost#] curl -x127.0.0.1:80 test3.com/admin/1215454115 -I

HTTP/1.1 301 Moved Permanently

Server: nginx/1.12.1

Date: Tue, 13 Mar 2018 17:13:09 GMT

Content-Type: text/html

Content-Length: 185

Connection: keep-alive

Location: http://test.com/admin/1215454115

#测试可见域名重定向已经生效

扩展

nginx.conf 配置详解:

http://www.ha97.com/5194.html

http://my.oschina.net/duxuefeng/blog/34880

nginx rewrite 四种 flag:

http://www.netingcn.com/nginx-rewrite-flag.html

http://unixman.blog.51cto.com/10163040/1711943