12.6 Nginx安装
12.7 默认虚拟主机
12.8 Nginx用户认证
12.9 Nginx域名重定向
扩展
nginx.conf 配置详解 http://www.ha97.com/5194.html http://my.oschina.net/duxuefeng/blog/34880
nginx rewrite四种flag http://www.netingcn.com/nginx-rewrite-flag.html
12.6 Nginx安装:
~1. cd /usr/local/src
~2.wget http://nginx.org/download/nginx-1.8.0.tar.gz
~3.tar zxf nginx-1.8.0.tar.gz
~4.cd /usr/local/nginx-1.8.0.tar.gz
~5../configure --prefix=/usr/local/nginx (此处看需求需要哪种模块就要加上。后期会用到https,再来重新编译)
~6.make && make install
~7. vim /etc/init.d/nginx 创建启动脚本 复制实例中内容
(参考https://coding.net/u/aminglinux/p/aminglinux-book/git/blob/master/D15Z/etc_init.d_nginx )
~8.chmod 755 /etc/init.d/nginx
~9.chkconfig --add nginx
~10.chkconfig nginx on
~11.cd /usr/local/nginx/conf/; mv nginx.conf nginx.conf.bak 配置文件
~12.vim nginx.conf 复制实例中内容
(参考https://coding.net/u/aminglinux/p/aminglinux-book/git/blob/master/D15Z/nginx.conf)
~13./usr/local/nginx/sbin/nginx -t
~14./etc/init.d/nginx start
~15. netstat -lntp |grep 80
测试php解析:
vi /usr/local/nginx/html/1.php 加入如下内容
<?php
echo "test php scripts.";
?>
curl localhost/1.php
实例:
[root@axinlinux-01 ~]# cd /usr/local/src
[root@axinlinux-01 src]# wget http://nginx.org/download/nginx-1.8.0.tar.gz
[root@axinlinux-01 src]# tar -zxvf nginx-1.8.0.tar.gz
[root@axinlinux-01 src]# cd nginx-1.8.0/
[root@axinlinux-01 nginx-1.8.0]# ./configure --prefix=/usr/local/nginx
[root@axinlinux-01 nginx-1.8.0]# echo $?
0
[root@axinlinux-01 nginx-1.8.0]# make
[root@axinlinux-01 nginx-1.8.0]# echo $?
0
[root@axinlinux-01 nginx-1.8.0]# make install
[root@axinlinux-01 nginx-1.8.0]# echo $?
0
[root@axinlinux-01 nginx-1.8.0]# ls /usr/local/nginx/ 看下他的目录,很小,没有多少文件
conf html logs sbin
[root@axinlinux-01 nginx-1.8.0]# ls /usr/local/nginx/conf conf下就是配置文件
fastcgi.conf fastcgi_params.default mime.types nginx.conf.default uwsgi_params
fastcgi.conf.default koi-utf mime.types.default scgi_params uwsgi_params.default
fastcgi_params koi-win nginx.conf scgi_params.default win-utf
[root@axinlinux-01 nginx-1.8.0]# ls /usr/local/nginx/html html下就是样例(index.html)
50x.html index.html
[root@axinlinux-01 nginx-1.8.0]# ls /usr/local/nginx/logs logs下就是存放日志的
[root@axinlinux-01 nginx-1.8.0]# ls /usr/local/nginx/sbin sbin下就是他的核心文件
nginx
[root@axinlinux-01 nginx-1.8.0]# /usr/local/nginx/sbin/nginx -t -t也是支持的。查看是否有错
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
下面给他创建配置文件,做启动脚本
[root@axinlinux-01 nginx-1.8.0]# vim /etc/init.d/nginx 启动脚本中复制一下内容
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start()
{
echo -n $"Starting $prog: "
mkdir -p /dev/shm/nginx_temp
daemon $NGINX_SBIN -c $NGINX_CONF
RETVAL=$?
echo
return $RETVAL
}
stop()
{
echo -n $"Stopping $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -TERM
rm -rf /dev/shm/nginx_temp
RETVAL=$?
echo
return $RETVAL
}
reload()
{
echo -n $"Reloading $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -HUP
RETVAL=$?
echo
return $RETVAL
}
restart()
{
stop
start
}
configtest()
{
$NGINX_SBIN -c $NGINX_CONF -t
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|configtest}"
RETVAL=1
esac
exit $RETVAL
[root@axinlinux-01 nginx-1.8.0]# chmod 755 /etc/init.d/nginx
[root@axinlinux-01 nginx-1.8.0]# chkconfig --add nginx
[root@axinlinux-01 nginx-1.8.0]# chkconfig nginx on
[root@axinlinux-01 conf]# cd /usr/local/nginx/conf/
[root@axinlinux-01 conf]# ls 其实里面有一个.conf的配置文件,但是我们不用这个。重新设置一个
fastcgi.conf fastcgi_params.default mime.types nginx.conf.default uwsgi_params
fastcgi.conf.default koi-utf mime.types.default scgi_params uwsgi_params.default
fastcgi_params koi-win nginx.conf scgi_params.default win-utf
[root@axinlinux-01 conf]# mv nginx.conf nginx.conf.1 把自带的改个名字
[root@axinlinux-01 conf]# vim nginx.conf 在创建一个我们需要的,直接vim就可以了。
复制一下的:
user nobody nobody; 用来定义nginx的启动是哪个用户。其实就是这个进程的用户,比如去一个目录下读一个图片,那么是有哪个用户的身份去读的呢?就在这定义
worker_processes 2; 定义子进程有几个
error_log /usr/local/nginx/logs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200; 定义nginx最多可以打开多少个文件
events
{
use epoll; 使用epoll模式
worker_connections 6000; 进程最多有多少个连接
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
server 每个server对应的一个虚拟主机。也就是默认的虚拟主机。跟Apache的VirtualHost类似后面也可以再继续加
{
listen 80; 监听80端口
server_name localhost; 域名
index index.html index.htm index.php;
root /usr/local/nginx/html; 网站的根目录
location ~ \.php$ 用来解析php的部分
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock; 我们用的是sock,所以这样写
#fastcgi_pass 127.0.0.1:9000 如果监听的是指定的。可以这样写你需要指定的IP就可以了
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
}
[root@axinlinux-01 conf]# /usr/local/nginx/sbin/nginx -t 编辑好配置文件,检查有没有错
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@axinlinux-01 conf]# /etc/init.d/nginx start
Starting nginx (via systemctl): [ 确定 ]
[root@axinlinux-01 conf]# ps aux |grep nginx
root(父进程一般是root) 4936 0.0 0.0 24880 788 ? Ss 00:11 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 4937 0.0 0.1 27324 3364 ? S 00:11 0:00 nginx: worker process
nobody 4938 0.0 0.1 27324 3364 ? S 00:11 0:00 nginx: worker process
root 4940 0.0 0.0 112720 980 pts/0 S+ 00:11 0:00 grep --color=auto nginx
[root@axinlinux-01 conf]# vim /usr/local/nginx/html/1.php 建一个php测试一下
[root@axinlinux-01 conf]# curl localhost/1.php 我们在配置文件了设置了localhost的目录就是/usr/local/nginx/html,所以这里直接写localhost/1.php就可以了
wozhenniubi[root@axinlinux-01 conf]# 这就说明解析成功了
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
12.7 默认虚拟主机:
上一节我们定义了默认虚拟主机配置文件,其实就是第一个。当然,以下是专门来定义默认虚拟主机的配置段:
~1.vim /usr/local/nginx/conf/nginx.conf //增加:(之间配置了service的,要先把service那些删掉,在增加)
include vhost/*.conf
~2.mkdir /usr/local/nginx/conf/vhost
~3.cd !$; vim aaa.com.conf //加入如下内容
server
{
listen 80 default_server; // 有default_service这个标记的就是默认虚拟主机
server_name aaa.com;
index index.html index.htm index.php;
root /data/wwwroot/default;
}
~4.mkdir -p /data/wwwroot/default/
~5. echo “This is a default site.”>/data/wwwroot/default/index.html
~6./usr/local/nginx/sbin/nginx -t
~7./usr/local/nginx/sbin/nginx -s reload
~8.curl localhost
~9.curl -x127.0.0.1:80 123.com
实例:
[root@axinlinux-01 conf]# vim /usr/local/nginx/conf/nginx.conf
http http包含的service,在最下面定义一下include
{
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
include vhost/*.conf;
}
[root@axinlinux-01 conf]# pwd
/usr/local/nginx/conf 定义的clude就是在这个目录下的
[root@axinlinux-01 conf]# mkdir vhost 创建上面定义include的目录。就是在conf目录下的
[root@axinlinux-01 conf]# vim aaa.com.conf 创建一个比如叫aaa.com.conf的文件。注意后缀名,我们定义了vhost下的所有.conf的文件,所以要加上.conf。复制上下面的:
erver
{
listen 80 default_server; 有这个的就是默认的虚拟主机
server_name aaa.com; 名字叫aaa.com
index index.html index.htm index.php; 指定索引页
root /data/wwwroot/default; 指定网站根目录
}
以上指定了网站的根目录,还要创建/data/wwwroot/default的这个目录
[root@axinlinux-01 conf]# mkdir /data/wwwroot/default 创建default这个目录
[root@axinlinux-01 conf]# cd /data/wwwroot/default cd到这个目录
[root@axinlinux-01 default]# vim index.html vim一个index.html的文件
[root@axinlinux-01 default]# /usr/local/nginx/sbin/nginx -t 检测一下
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@axinlinux-01 default]# /usr/local/nginx/sbin/nginx -s reload 重新加载
[root@axinlinux-01 vhost]# curl localhost
“This is a default site.”
[root@axinlinux-01 vhost]# curl -x192.168.159.128:80 bbb.com
“This is a default site.” 不管访问的是什么,都是显示的这个。这个就叫默认虚拟主机
阿鑫在做的时候curl报错拒绝链接,发现没有在vhost的目录下vim aaa.com.conf。需注意
我们在vhost里创建了aaa.com.conf里面设定了default_service这个默认虚拟主机的标记。其实在vhost这个目录下可以创建很多.conf的文件(也就是虚拟主机),他也可以按顺序排列,放在第一位的就是默认虚拟主机。当然也可以通过名字,比如,aaa bbb ccc,那么aaa就是默认虚拟主机,当然这个也不是一个好的方法
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
12.8 Nginx用户认证:
需要定义一个用户密码认证的文件:
~1.vim /usr/local/nginx/conf/vhost/test.com.conf//写入如下内容
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
location /
{
auth_basic "Auth"; 定义用户认证的名字
auth_basic_user_file /usr/local/nginx/conf/htpasswd; 用户名密码文件
}
}
~2.yum install -y httpd 安装httpd,为的是生成密码文件。要使用htpasswd这个命令
~3.htpasswd -c /usr/local/nginx/conf/htpasswd axin
~4.-t && -s reload //测试配置并重新加载
~5.mkdir /data/wwwroot/test.com
~6.echo “test.com”>/data/wwwroot/test.com/index.html
~7.curl -x127.0.0.1:80 test.com -I//状态码为401说明需要验证
~8.curl -uaming:passwd 访问状态码变为200
~9. 编辑windows的hosts文件,然后在浏览器中访问test.com会有输入用户、密码的弹窗
~~1.针对目录的用户认证(这个网站下的某一个目录,例如admin目录)。
vim /usr/local/nginx/conf/vhost/test.com.conf 的location /后面加上admin目录就可以了
location /admin/
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
~~2. 访问admin下的php文件(单独一个文件)的时候做用户验证
vim /usr/local/nginx/conf/vhost/test.com.conf 的location后面加上 ~admin.php
location ~ admin.php
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
实例:
[root@axinlinux-01 ~]# cd /usr/local/nginx/conf/vhost/
[root@axinlinux-01 vhost]# ls
aaa.com.conf
[root@axinlinux-01 vhost]# vim test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
location /
{
auth_basic "Auth"; 定义用户认证的名字
auth_basic_user_file /usr/local/nginx/conf/htpasswd; 用户名密码文件
}
}
[root@axinlinux-01 vhost]# yum install -y httpd
[root@axinlinux-01 vhost]# htpasswd -c /usr/local/nginx/conf/htpasswd axin -c代表生成密码文件和用户
New password:
Re-type new password:
Adding password for user axin
[root@axinlinux-01 vhost]# htpasswd /usr/local/nginx/conf/htpasswd user1 不加-c是生成另外一个。加了-c会覆盖之前的用户
New password:
Re-type new password:
Adding password for user user1
[root@axinlinux-01 vhost]# cat /usr/local/nginx/conf/htpasswd 这就是我们生成的两个用户
axin:$apr1$KG/Gf903$WQLRs7U4/1mCYIzvvEPsa1
user1:$apr1$8nuYvGQK$RrHaF6hRajQRyBnSrq6Al.
[root@axinlinux-01 vhost]# /usr/local/nginx/sbin/nginx -t 测试
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@axinlinux-01 vhost]# /usr/local/nginx/sbin/nginx -s reload 重新加载(如果配置里有错的话,是不会生效的。不会破坏原来nginx的服务。如果直接restart的话,万一配置文件里有错误,一重启会导致服务停掉)最好是使用reload
[root@axinlinux-01 vhost]# curl -x127.0.0.1:80 test.com 测试为401(用户认证,没有权限)
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
[root@axinlinux-01 vhost]# curl -uaxin:wangxin789 -x127.0.0.1:80 test.com 404(因为我们还没有创建他的根目录)
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
[root@axinlinux-01 vhost]# ls /data/wwwroot/ 看一下没有创建test.com
111.com 123.php abc.com default
[root@axinlinux-01 vhost]# mkdir /data/wwwroot/test.com 创建test.com的目录
[root@axinlinux-01 vhost]# echo "wozhenniubi" > /data/wwwroot/test.com/index.html 给他创建一个index.html的文件,并输入点字符
[root@axinlinux-01 vhost]# curl -uaxin:wangxin789 -x127.0.0.1:80 test.com 测试成功
wozhenniubi
已上是针对整个网站做用户认证,下面是针对一个目录下做用户认证:
~~1.
[root@axinlinux-01 vhost]# vim /usr/local/nginx/conf/vhost/test.com.conf 打开.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
location /admin/ 加入admin/
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
[root@axinlinux-01 vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@axinlinux-01 vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@axinlinux-01 vhost]# mkdir /data/wwwroot/test.com/admin/
[root@axinlinux-01 vhost]# echo "wozhenniubi" > /data/wwwroot/test.com/admin/index.html
[root@axinlinux-01 vhost]# curl -x127.0.0.1:80 test.com/admin/index.html -I
HTTP/1.1 401 Unauthorized
Server: nginx/1.8.0
Date: Tue, 14 Aug 2018 07:06:49 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
[root@axinlinux-01 vhost]# curl -uaxin:wangxin789 -x127.0.0.1:80 test.com/admin/index.html -I
HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Tue, 14 Aug 2018 07:07:14 GMT
Content-Type: text/html
Content-Length: 12
Last-Modified: Tue, 14 Aug 2018 07:05:11 GMT
Connection: keep-alive
ETag: "5b727f27-c"
Accept-Ranges: bytes
~~2.
[root@axinlinux-01 vhost]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
location ~ admin.php 指定单独的.php文件
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
[root@axinlinux-01 vhost]# vim /data/wwwroot/test.com/admin.php 创建这个admin.php
[root@axinlinux-01 vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@axinlinux-01 vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@axinlinux-01 vhost]# curl -x127.0.0.1:80 test.com/admin.php -I 测试显示401
HTTP/1.1 401 Unauthorized
Server: nginx/1.8.0
Date: Tue, 14 Aug 2018 07:18:18 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
[root@axinlinux-01 vhost]# curl -uaxin:wangxin789 -x127.0.0.1:80 test.com/admin.php -I 指定用户200
HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Tue, 14 Aug 2018 07:18:32 GMT
Content-Type: application/octet-stream
Content-Length: 26
Last-Modified: Tue, 14 Aug 2018 07:17:21 GMT
Connection: keep-alive
ETag: "5b728201-1a"
Accept-Ranges: bytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
12.9 Nginx域名重定向:
~1.更改test.com.conf(vim /usr/local/nginx/conf/vhost/test.com.conf)
~2.server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if ($host != 'test.com' ) { 跟apache的域名跳转是一样的
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
}
~3.server_name后面支持写多个域名,这里要和httpd的做一个对比
~4.permanent为永久重定向,状态码为301。如果写redirect则为302。暂时重定向
实例:
[root@axinlinux-01 vhost]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
listen 80;
server_name test.com test1.com test2.com
index index.html index.htm index.php;
root /data/wwwroot/test.com;
if ($host != 'test.com' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
}
[root@axinlinux-01 vhost]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@axinlinux-01 vhost]# /usr/local/nginx/sbin/nginx -s reload
[root@axinlinux-01 vhost]# curl -x127.0.0.1:80 test1.com -I 301,跳转到test.com
HTTP/1.1 301 Moved Permanently
Server: nginx/1.8.0
Date: Tue, 14 Aug 2018 07:42:31 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: http://test.com/