LNMP架構虛擬主機配置、使用者認證及域名重定向
阿新 • • 發佈:2018-11-26
11月26日任務
12.6 Nginx安裝
https://my.oschina.net/u/3964535/blog/2933878
12.7 預設虛擬主機
12.8 Nginx使用者認證
12.9 Nginx域名重定向
配置nginx虛擬主機
- 修改nginx主配置檔案
[[email protected] nginx-1.12.2]# vim /usr/local/nginx/conf/nginx.conf
# 刪除原有的server語句塊,替換為下面的程式碼
include vhost/*.conf;
- 建立並修改虛擬主機配置檔案(預設虛擬主機)
[[email protected] nginx-1.12.2]# cd /usr/local/nginx/conf [[email protected] conf]# mkdir vhost [[email protected] conf]# cd vhost/ [[email protected] vhost]# vim aaa.com.conf server { # 指定監聽80埠,並將該虛擬主機設定為預設虛擬主機 listen 80 default_server; # 設定伺服器的名稱 server_name aaa.com; # 設定伺服器預設網頁 index index.html index.htm index.php; # 設定伺服器的根目錄 root /data/www/default; }
- 建立預設虛擬主機的根目錄及預設頁面
[[email protected] vhost]# mkdir -p /data/www/default
[[email protected] vhost]# cd /data/www/default/
[[email protected] default]# vim index.html
aaa.com
- 檢測程式碼並重啟服務
[[email protected] default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[ [email protected] default]# /usr/local/nginx/sbin/nginx -s reload
- 效果測試
[[email protected] default]# curl -x 127.0.0.1:80 aaa.com
aaa.com
# 由於是預設的虛擬主機,任何域名都可以顯示預設網頁資訊
[[email protected] default]# curl -x 127.0.0.1:80 bbb.com
aaa.com
nginx使用者認證
nginx中一個虛擬主機對於一個配置檔案
- 建立新的虛擬主機配置檔案
[[email protected] default]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
# 這個不是預設虛擬主機,default_server不需要配置
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/www/test.com;
# 新增下列程式碼
location /
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
- 建立test.com相關目錄和檔案
[[email protected] default]# mkdir /data/www/test.com
[[email protected] default]# vim /data/www/test.com/index.html
test.com
- 建立密碼檔案 由於使用者認證密碼檔案需要使用apache的htpasswd命令生成,安裝httpd,並建立使用者
[[email protected] default]# yum install -y httpd
[[email protected] default]# htpasswd -c /usr/local/nginx/conf/htpasswd test
New password:
Re-type new password:
Adding password for user test
- 重啟服務
[[email protected] default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] default]# /usr/local/nginx/sbin/nginx -s reload
- 測試效果
# 普通訪問
[[email protected] default]# curl -x 127.0.0.1:80 test.com -I
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.2
Date: Sun, 31 Dec 2017 06:55:24 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
# 指定使用者訪問
[[email protected] default]# curl -x 127.0.0.1:80 -utest:1 test.com -I
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Sun, 31 Dec 2017 06:55:33 GMT
Content-Type: text/html
Content-Length: 8
Last-Modified: Sun, 31 Dec 2017 06:17:09 GMT
Connection: keep-alive
ETag: "5a4880e5-8"
Accept-Ranges: bytes
[[email protected] default]# curl -x 127.0.0.1:80 -utest:1 test.com
test.com
針對虛擬主機下的某個目錄進行認證
- 修改程式碼 針對某個目錄進行的認證,只需對上述的程式碼進行簡單修改即可;
[[email protected] default]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/www/test.com;
# 修改location即可,其他都不變
location /admin/
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
- 重啟服務
[[email protected] default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] default]# /usr/local/nginx/sbin/nginx -s reload
- 驗證
# test.com可以訪問
[[email protected] default]# curl -x 127.0.0.1:80 test.com
test.com
# test.com下的admin目錄需要使用者認證
[[email protected] default]# curl -x 127.0.0.1:80 test.com/admin/
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
針對虛擬主機下的某個檔案(訪問的URL)進行認證
*( 修改虛擬主機配置檔案(使用~匹配檔案)
[[email protected] default]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/www/test.com;
# 修改location即可,其他都不變,這裡匹配admin.php只是對簡單的表示
# 可以使用更復雜的正則來顯示精準的檔案認證
location ~ admin.php
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
- 重啟服務
[[email protected] default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] default]# /usr/local/nginx/sbin/nginx -s reload
- 驗證
[[email protected] default]# curl -x 127.0.0.1:80 test.com/admin.php<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
域名重定向
- 修改虛擬主機配置檔案
[[email protected] default]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
# nginx可以配置多個主機名,apache只能使用ServerAlias來指定別名
server_name test.com test2.com;
index index.html index.htm index.php;
root /data/www/test.com;
# 在多個域名
# 判斷host是否為test.com
if ($host != 'test.com') {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
}
- 重啟服務
[[email protected] default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] default]# /usr/local/nginx/sbin/nginx -s reload
- 驗證
[[email protected] default]# curl -x 127.0.0.1:80 test2.com/index.html
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[[email protected] default]# curl -x 127.0.0.1:80 test2.com/admin/index.html
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[[email protected] default]# curl -x 127.0.0.1:80 test3.com/index.html
aaa.com