In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-02-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
Linux builds Nginx service
1.Nginx installation
2.Nginx virtual host
3.Nginx user access control, SSL encryption
First, build a Nginx server
1) install the nginx package using the source package
[root@svr ~] # yum-y install zlib-devel openssl-devel pcre-devel perl-devel make gcc / / install common dependency packages
[root@svr] # useradd-s / sbin/nologin nginx
[root@svr ~] # wget http://124.202.164.12/files/408500000A3B37E2/nginx.org/download/nginx-1.13.1.tar.gz
[root@svr ~] # tar-zxvf nginx-1.13.1.tar.gz
[root@svr ~] # cd nginx-1.13.1
[root@svr nginx-1.13.1] #. / configure\
>-- prefix=/usr/local/nginx\ / / specify the installation path
>-- user=nginx\ / / specify a user
>-- group=nginx\ / / specify a group
>-- with-http_stub_status_module\ / / enable status statistics
>-- with-http_ssl_module / / enable SSL encryption
....
[root@svr nginx-1.13.1] # make & & make install / / compile and install
2) enable nginx service
[root@svr ~] # / usr/local/nginx/sbin/nginx / / start Nginx
By default, the nginx service listens for client requests through TCP port 80:
[root@svr ~] # netstat-anptu | grep nginx
Tcp 000.0.0.0VR 800.0.0.0VOV * LISTEN 10441/nginx
3) create the test home page file for the Nginx Web server
The default home page document storage directory for the Nginx Web service is / usr/local/nginx/html/,. Create a file called index.html in this directory:
[root@svr ~] # cat / usr/local/nginx/html/index.html
Welcome to Nginx 192.168.4.5
II. User authentication and access control
To realize the authentication and access control of Web pages through Nginx, it is necessary to modify the Nginx configuration file and add allow and deny statements to the location container to achieve access control.
Add auth statement to achieve user authentication. Finally, use the htpasswd command to create the user and password.
Modify Nginx configuration file
1) modify / usr/local/nginx/conf/nginx.conf
[root@pc205 ~] # vim / usr/local/nginx/conf/nginx.conf
....
Server {
Listen 80
Server_name localhost
Auth_basic "Input Password:"; / / Authentication prompt
Auth_basic_user_file pass.txt; / / authentication password file
Location / {
Root html
Index index.html index.htm
}
Location / test {
Allow 192.168.4.205; / / access control, only 192.168.4.205 can be accessed
Deny all; / / reject all
Index index.html index.htm
}
2) create a secondary page directory and generate an index.html file
[root@svr ~] # mkdir / usr/local/nginx/html/test
[root@svr ~] # echo "test" > / usr/local/nginx/html/test/index.html
3) generate password file, create user tom and password
To create an account file using the htpasswd command, you need to make sure that httpd-tools is installed on the system.
[root@svr ~] # htpasswd-cm / usr/local/nginx/conf/pass.txt tom
New password:
Re-type new password:
Adding password for user tom
4) restart the Nginx service
[root@svr] # / usr/local/nginx/sbin/nginx-s stop
[root@svr ~] # / usr/local/nginx/sbin/nginx
Client test
1) Log in to 192.168.4.205 host for testing
Http://192.168.4.5 / / can be accessed after entering the password
Http://192.168.4.5/test / / can be accessed after entering the password
2) Log in to any other host other than 192.168.4.205 for testing
Http://192.168.4.5 / / can be accessed after entering the password
Http://192.168.4.5/test / / cannot be accessed after entering a password
3. Nginx virtual host
Implement two virtual hosts based on domain names, www.tarena.com and bbs.tarena.com, respectively
The Web service with the domain name bbs.tarena.com only allows access to 192.168.4.205
Authenticate the site with the domain name bbs.tarena.com with a user name of tom and a password of 123456
Encrypt the site with the domain name www.tarena.com by SSL
Modify Nginx configuration file, add server container to realize virtual host function, and add allow and deny statements for virtual hosts that need access control
Add auth authentication statements for virtual hosts that need to authenticate users, and add ssl-related instructions for sites that need SSL encryption.
1) modify the Nginx service configuration and add the relevant virtual host configuration as follows
[root@svr ~] # vim / usr/local/nginx/conf/nginx.conf
....
Server {
Listen 192.168.4.5 80; / / Port
Server_name bbs.tarena.com; / / domain name
Allow 192.168.4.205; / / only 192.168.4.205 can be accessed
Deny all; / / reject all
Auth_basic "Input Password:"; / / Authentication prompt
Auth_basic_user_file pass.txt; / / authentication password file
Location / {
Root bbs;// specifies the site root path
Index index.html index.htm
}
}
Server {
Listen 192.168.4.5:443
Server_name www.tarena.com
Ssl on; / / enable SSL
Ssl_certificate cert.pem; / / specify the certificate file
Ssl_certificate_key cert.key; / / specify private key file
Ssl_session_timeout 5m
Ssl_protocols SSLv2 SSLv3 TLSv1
Ssl_ciphers HIGH:!aNULL:!MD5
Ssl_prefer_server_ciphers on
Location / {
Root www; / / specify the site root path
Index index.html index.htm
}
}
2) generate private key and certificate
[root@svr ~] # openssl genrsa-out cert.key 2048 / / generate private key
[root@svr ~] # openssl req-new-x509-key cert.key-out cert.pem / / generate certificate
[root@svr ~] # cp {cert.key,cert.pem} / usr/local/nginx/conf
3) create the root directory of the website and the corresponding home page file
[root@svr ~] # mkdir / usr/local/nginx/ {www,bbs}
[root@svr ~] # echo "www" > / usr/local/nginx/www/index.html
[root@svr ~] # echo "bbs" > / usr/local/nginx/bbs/index.html
4) restart the nginx service
[root@svr] # / usr/local/nginx/sbin/nginx-s stop
[root@svr ~] # / usr/local/nginx/sbin/nginx
Client test
1) modify the / etc/hosts file for domain name resolution
[root@client ~] # vim / etc/hosts
192.168.4.5 www.tarena.com bbs.tarena.com
2) Log in to 192.168.4.205 host for testing
[root@client ~] # firefox http://bbs.tarena.com / / can be accessed after entering a password
[root@client ~] # firefox https://www.tarena.com / / can be accessed after trusting the certificate
3) Log in to any other host other than 192.168.4.205 for testing
[root@client ~] # firefox http://bbs.tarena.com / / cannot be accessed
[root@client ~] # firefox https://www.tarena.com / / you can access Linux to build a Nginx server after trusting the certificate
1.Nginx installation
2.Nginx virtual host
3.Nginx user access control, SSL encryption
First, build a Nginx server
1) install the nginx package using the source package
[root@svr ~] # yum-y install zlib-devel openssl-devel pcre-devel perl-devel make gcc / / install common dependency packages
[root@svr] # useradd-s / sbin/nologin nginx
[root@svr ~] # wget http://124.202.164.12/files/408500000A3B37E2/nginx.org/download/nginx-1.13.1.tar.gz
[root@svr ~] # tar-zxvf nginx-1.13.1.tar.gz
[root@svr ~] # cd nginx-1.13.1
[root@svr nginx-1.13.1] #. / configure\
>-- prefix=/usr/local/nginx\ / / specify the installation path
>-- user=nginx\ / / specify a user
>-- group=nginx\ / / specify a group
>-- with-http_stub_status_module\ / / enable status statistics
>-- with-http_ssl_module / / enable SSL encryption
....
[root@svr nginx-1.13.1] # make & & make install / / compile and install
2) enable nginx service
[root@svr ~] # / usr/local/nginx/sbin/nginx / / start Nginx
By default, the nginx service listens for client requests through TCP port 80:
[root@svr ~] # netstat-anptu | grep nginx
Tcp 000.0.0.0VR 800.0.0.0VOV * LISTEN 10441/nginx
3) create the test home page file for the Nginx Web server
The default home page document storage directory for the Nginx Web service is / usr/local/nginx/html/,. Create a file called index.html in this directory:
[root@svr ~] # cat / usr/local/nginx/html/index.html
Welcome to Nginx 192.168.4.5
II. User authentication and access control
To realize the authentication and access control of Web pages through Nginx, it is necessary to modify the Nginx configuration file and add allow and deny statements to the location container to achieve access control.
Add auth statement to achieve user authentication. Finally, use the htpasswd command to create the user and password.
Modify Nginx configuration file
1) modify / usr/local/nginx/conf/nginx.conf
[root@pc205 ~] # vim / usr/local/nginx/conf/nginx.conf
....
Server {
Listen 80
Server_name localhost
Auth_basic "Input Password:"; / / Authentication prompt
Auth_basic_user_file pass.txt; / / authentication password file
Location / {
Root html
Index index.html index.htm
}
Location / test {
Allow 192.168.4.205; / / access control, only 192.168.4.205 can be accessed
Deny all; / / reject all
Index index.html index.htm
}
2) create a secondary page directory and generate an index.html file
[root@svr ~] # mkdir / usr/local/nginx/html/test
[root@svr ~] # echo "test" > / usr/local/nginx/html/test/index.html
3) generate password file, create user tom and password
To create an account file using the htpasswd command, you need to make sure that httpd-tools is installed on the system.
[root@svr ~] # htpasswd-cm / usr/local/nginx/conf/pass.txt tom
New password:
Re-type new password:
Adding password for user tom
4) restart the Nginx service
[root@svr] # / usr/local/nginx/sbin/nginx-s stop
[root@svr ~] # / usr/local/nginx/sbin/nginx
Client test
1) Log in to 192.168.4.205 host for testing
Http://192.168.4.5 / / can be accessed after entering the password
Http://192.168.4.5/test / / can be accessed after entering the password
2) Log in to any other host other than 192.168.4.205 for testing
Http://192.168.4.5 / / can be accessed after entering the password
Http://192.168.4.5/test / / cannot be accessed after entering a password
3. Nginx virtual host
Implement two virtual hosts based on domain names, www.tarena.com and bbs.tarena.com, respectively
The Web service with the domain name bbs.tarena.com only allows access to 192.168.4.205
Authenticate the site with the domain name bbs.tarena.com with a user name of tom and a password of 123456
Encrypt the site with the domain name www.tarena.com by SSL
Modify Nginx configuration file, add server container to realize virtual host function, and add allow and deny statements for virtual hosts that need access control
Add auth authentication statements for virtual hosts that need to authenticate users, and add ssl-related instructions for sites that need SSL encryption.
1) modify the Nginx service configuration and add the relevant virtual host configuration as follows
[root@svr ~] # vim / usr/local/nginx/conf/nginx.conf
....
Server {
Listen 192.168.4.5 80; / / Port
Server_name bbs.tarena.com; / / domain name
Allow 192.168.4.205; / / only 192.168.4.205 can be accessed
Deny all; / / reject all
Auth_basic "Input Password:"; / / Authentication prompt
Auth_basic_user_file pass.txt; / / authentication password file
Location / {
Root bbs;// specifies the site root path
Index index.html index.htm
}
}
Server {
Listen 192.168.4.5:443
Server_name www.tarena.com
Ssl on; / / enable SSL
Ssl_certificate cert.pem; / / specify the certificate file
Ssl_certificate_key cert.key; / / specify private key file
Ssl_session_timeout 5m
Ssl_protocols SSLv2 SSLv3 TLSv1
Ssl_ciphers HIGH:!aNULL:!MD5
Ssl_prefer_server_ciphers on
Location / {
Root www; / / specify the site root path
Index index.html index.htm
}
}
2) generate private key and certificate
[root@svr ~] # openssl genrsa-out cert.key 2048 / / generate private key
[root@svr ~] # openssl req-new-x509-key cert.key-out cert.pem / / generate certificate
[root@svr ~] # cp {cert.key,cert.pem} / usr/local/nginx/conf
3) create the root directory of the website and the corresponding home page file
[root@svr ~] # mkdir / usr/local/nginx/ {www,bbs}
[root@svr ~] # echo "www" > / usr/local/nginx/www/index.html
[root@svr ~] # echo "bbs" > / usr/local/nginx/bbs/index.html
4) restart the nginx service
[root@svr] # / usr/local/nginx/sbin/nginx-s stop
[root@svr ~] # / usr/local/nginx/sbin/nginx
Client test
1) modify the / etc/hosts file for domain name resolution
[root@client ~] # vim / etc/hosts
192.168.4.5 www.tarena.com bbs.tarena.com
2) Log in to 192.168.4.205 host for testing
[root@client ~] # firefox http://bbs.tarena.com / / can be accessed after entering a password
[root@client ~] # firefox https://www.tarena.com / / can be accessed after trusting the certificate
3) Log in to any other host other than 192.168.4.205 for testing
[root@client ~] # firefox http://bbs.tarena.com / / cannot be accessed
[root@client ~] # firefox https://www.tarena.com / / can be accessed after trusting the certificate
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
