CentOS7---Nginx安裝并配置虛擬主機

1、源碼安裝nginx，并提供服務(wù)腳本

源碼包的獲取：官網(wǎng)下載

實驗環(huán)境：和企業(yè)環(huán)境類似，關(guān)閉防火墻，禁用selinux，使用靜態(tài)IP地址

安裝步驟：

步驟一：安裝Nginx所需的pcre庫

[root@node01 ~]# yum install pcre-devel -y

步驟二：安裝依賴包

[root@node01 ~]# yum -y install gc gcc gcc-c++ zlib-devel openssl-devel

步驟三：創(chuàng)建用戶和用戶組

[root@node01 ~]# groupadd nginx
[root@node01 ~]# useradd -s /sbin/nologin -g nginx -M nginx

步驟四：上傳文件并解壓到指定目錄

[root@node01 ~]# wget http://www.zmynmublwnt.cn/uploads/allimg/xkiu1jngabj.gz
[root@node01 ~]# tar xf tengine-2.2.0.tar.gz -C /usr/local/src/
[root@node01 ~]# cd /usr/local/src/tengine-2.2.0/
[root@node01 tengine-2.2.0]#
[root@node01 tengine-2.2.0]# ls
AUTHORS.te  CHANGES.cn  conf       docs     man       README           tests
auto        CHANGES.ru  configure  html     modules   README.markdown  THANKS.te
CHANGES     CHANGES.te  contrib    LICENSE  packages  src

步驟五：編譯安裝

./configure --user=nginx --group=nginx \
--prefix=/usr/local/src/nginx \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_gzip_static_module

步驟六：make make install

[root@node01 tengine-2.2.0]# make && make install

步驟七：修改目錄權(quán)限

[root@node01 tengine-2.2.0]# chown -R nginx.nginx /src/tengine-2.2.0/

服務(wù)腳本：

[root@node01 ~]# cat /usr/lib/systemd/system/nginx.service
t]
Description=nginx - high performance web server
Documentation=http://www.zmynmublwnt.cn/uploads/allimg/vkk5yhmjxfn
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/src/nginx/logs/nginx.pid
ExecStartPre=/usr/local/src/nginx/sbin/nginx -t -c /usr/local/src/nginx/conf/nginx.conf
ExecStart=/usr/local/src/nginx/sbin/nginx -c /usr/local/src/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

修改了PID文件

# 重新創(chuàng)建了一個PID文件
touch /usr/local/src/nginx/logs/nginx.pid

測試：

[root@node01 ~]# systemctl daemon-reload
[root@node01 ~]# systemctl restart nginx.service
[root@node01 ~]#
[root@node01 ~]#
[root@node01 ~]# ss -lntup | grep 80
tcp    LISTEN     0      128       *:80                    *:*                   users:(("nginx",pid=13454,fd=6),("nginx",pid=13452,fd=6))
tcp    LISTEN     0      80     [::]:3306               [::]:*                   users:(("mysqld",pid=1202,fd=28))
[root@node01 ~]#
[root@node01 ~]#
[root@node01 ~]# systemctl stop  nginx.service
[root@node01 ~]#
[root@node01 ~]#
[root@node01 ~]# ss -lntup | grep 80
tcp    LISTEN     0      80     [::]:3306               [::]:*                   users:(("mysqld",pid=1202,fd=28))

2、配置基于域名的虛擬主機

步驟一：進入默認主頁路徑

[root@node01 ~]# cd /usr/local/src/nginx/html/
[root@node01 html]# ll
total 8
-rw-r--r-- 1 root root 539 Apr 16 18:07 50x.html
-rw-r--r-- 1 root root 555 Apr 16 18:07 index.html

步驟二：備份原來默認主頁并提供方一個測試頁

[root@node01 html]# cp index.html{,.bak}
[root@node01 html]# vim index.html
<!DOCTYPE html>
<html>
	<head>
		<meta charset="utf-8">
		<title></title>
		<style>
			@keyframes myAnimation {
				from {
					width: 100px;
					height: 75px;
					background-color: yellow;
					border: 1px solid red;
				}

				to {
					width: 200px;
					height: 150px;
					background-color: green;
					border: 1px solid red;
				}
			}

			div {
				animation-name: myAnimation;
				transition-duration: 1s;
				transition-timing-function: ease;
				animation-iteration-count: infinite;
				animation-play-state: running;
				animation-direction: reverse;
				animation: myAnimation 10s infinite linear;
			}

			div:hover {
				display: none;
			}
		</style>
	</head>
	<body>
		<div>
		
		</div>
	</body>
</html>

步驟三：配置文件添加虛擬主機部分

[root@node01 conf]# pwd
/usr/local/src/nginx/conf
[root@node01 conf]# vim nginx.conf
server {
                listen 80;
                server_name bbs.openlab.edu;
                location / {
                root html/bbs;
                index index.html index.htm;
        }
}


        server {
                listen 80;
                server_name blog.openlab.edu;
                location / {
                root html/blog;
                index index.html index.htm;
        }
}

步驟四：沒有做DNS服務(wù)，就配置一個hosts解析

[root@node01 conf]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.11.110 bbs.openlab.edu blog.openlab.ed

步驟五：準備默認主頁

[root@node01 html]# for name in blog bbs;do mkdir $name;done
[root@node01 html]# for name in blog bbs ;do echo " $name test" > $name/index.html ;done

步驟六：重啟服務(wù)測試

[root@node01 conf]# curl http://bbs.openlab.edu
 bbs test
[root@node01 conf]# curl http://blog.openlab.edu
 blog test

3、配置nginx基于用戶和地址的訪問控制

基于地址訪問控制

server {
        listen 192.168.11.110:80;
        server_name bbs.openlab.edu;
        location / {
        autoindex on;
        root html/bbs;
        index index.html index.htm;
        deny 192.168.11.111;
        allow 192.168.11.0/24;
        deny all;
}
location /nginx_status {
        stub_status on;
        access_log off;
 }
 
 }

測試：

允許通過的地址：

[root@template ~]# ifconfig
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.11.10  netmask 255.255.255.0  broadcast 192.168.11.255
        inet6 fe80::23ff:1697:647:7139  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:bc:8b:08  txqueuelen 1000  (Ethernet)
        RX packets 589  bytes 49970 (48.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 968  bytes 115511 (112.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@template ~]# curl http://bbs.openlab.edu
 bbs test

拒絕的地址：

[root@node02 ~]# ifconfig
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.11.111  netmask 255.255.255.0  broadcast 192.168.11.255
        inet6 fe80::de65:5eb0:ef21:bfad  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::e8bb:875c:36dc:9aac  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:b0:1e:37  txqueuelen 1000  (Ethernet)
        RX packets 705  bytes 60926 (59.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1180  bytes 141313 (138.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@node02 ~]# curl -I  http://blog.openlab.edu
HTTP/1.1 403 Forbidden
Server: Tengine/2.2.0
Date: Sun, 16 Apr 2023 11:45:53 GMT
Content-Type: text/html
Content-Length: 589
Connection: keep-alive

基于用戶控制
對于實現(xiàn)訪問網(wǎng)站或目錄密碼認證保護,nginx的HTTP基本認證模塊（HTTP Auth Basic）可以實現(xiàn)。這個模塊提供基于用戶名與密碼的驗證來保護你的站點或站點的一部分

# 在location中添加這倆行
auth_basic  "Restricted";
auth_basic_user_file /usr/local/nginx/webpass;


server {
                listen 80;
                server_name bbs.openlab.edu;
                location / {
                root html/bbs;
                index index.html index.htm;
                auth_basic  "Restricted";
                auth_basic_user_file /usr/local/src/nginx/webpass;

        }
}

創(chuàng)建賬號密碼， 此賬號密碼就是用戶訪問網(wǎng)站時需要輸入的

[root@node01 conf]# yum install httpd-tools -y

使用方法：

[root@node01 conf]# htpasswd -cm /usr/local/src/nginx/webpass tom
New password:
Re-type new password:
Adding password for user tom

[root@node01 conf]# more /usr/local/src/nginx/webpass
tom:$apr1$mlWgXfOz$6j4C758K/wsTDDdQtFH990

重新加載 Nginx 使配置修改生效

瀏覽器測試：

[root@node01 conf]# yum install elinks.x86_64 -y
[root@node1 ~]# elinks http://bbs.openlab.edu/nginx_status