三、配置虚拟主机:
1、配置基于端口的虚拟主机:
(1)在http{}配置段中新增如下server:
server {
listen 8000;
server_name localhost;
access_log /usr/local/tengine/logs/localhost8000-access.log main;
location / {
root /vhosts/web;
index index.html index.htm;
}
}
(2)创建测试页:# mkdir -pv /vhosts/web # echo "VirtualHost Port 8000
" > /vhosts/web/index.html
(3)重载服务:# nginx -t # nginx -s reload # ss -tunlp | grep :8000
(4)访问测试页:http://192.168.1.222:8000
2、配置基于IP的虚拟主机:
(1)新增一个IP:
# ip addr list | grep ens
# ip addr add 192.168.1.250/24 dev ens160
# ip addr list | grep ens
(2)在http{}配置段中新增如下server:
server {
listen 192.168.1.222:80;
server_name localhost;
access_log /usr/local/tengine/logs/192.168.1.222-access.log main;
location / {
root /vhosts/ip/192.168.1.222;
index index.html index.htm;
}
}
server {
listen 192.168.1.250:80;
server_name localhost;
access_log /usr/local/tengine/logs/192.168.1.250-access.log main;
location / {
root /vhosts/ip/192.168.1.250;
index index.html index.htm;
}
}
(3)创建测试页:
# mkdir -pv /vhosts/ip/{192.168.1.222,192.168.1.250}
# echo "VirtualHost 192.168.1.222
" > /vhosts/ip/192.168.1.222/index.html
# echo "VirtualHost 192.168.1.250
" > /vhosts/ip/192.168.1.250/index.html
(4)重载服务:# nginx -t # nginx -s reload # ss -tunlp | grep :80
(5)访问测试页:
http://192.168.1.222
http://192.168.1.250
3、配置基于主机名的虚拟主机:
(1)在http{}配置段中新增如下server:
server {
listen 80;
server_name bbs.vhosts.com;
access_log /usr/local/tengine/logs/bbs.vhosts.com-access.log main;
location / {
root /vhosts/bbs;
index index.html index.htm;
}
}
server {
listen 80;
server_name blog.vhosts.com;
access_log /usr/local/tengine/logs/blog.vhosts.com-access.log main;
location / {
root /vhosts/blog;
index index.html index.htm;
}
}
(2)创建测试页:
# mkdir -pv /vhosts/{bbs,blog}
# echo "VirtualHost bbs.vhosts.com
" > /vhosts/bbs/index.html
# echo "VirtualHost blog.vhosts.com
" > /vhosts/blog/index.html
(3)重载服务:# nginx -t # nginx -s reload # ss -tunlp | grep :80
(4)修改本地Windows 10系统的hosts文件:
C:\Windows\System32\drivers\etc\hosts,末尾新增代码:192.168.1.222 bbs.vhosts.com blog.vhosts.com
(5)访问测试页:
http://bbs.vhosts.com
http://blog.vhosts.com
四、基于来源IP实现访问控制
1、在server{}配置段中新增如下location:
server {
listen 80;
server_name localhost;
root html;
index index.html index.htm;
location / {
# 网段的写法:192.168.1.0/24
deny 192.168.1.222;
# 从上到下进行匹配,类似iptables
allow all;
}
location /bbs {
if ( $remote_addr = 192.168.1.146 ) {
return 404;
}
}
}
2、创建测试页:
# mkdir -pv /usr/local/tengine/html/bbs
# echo "Hello World
" > /usr/local/tengine/html/bbs/test.html
3、重载服务:# nginx -t # nginx -s reload # ss -tunlp | grep :80
4、分别使用192.168.1.146、192.168.1.222和192.168.199.157作为客户端进行访问:
(1)192.168.1.146:# yum -y install elinks # elinks -dump http://192.168.1.222
# elinks -dump http://192.168.1.222/bbs/test.html
(2)192.168.1.222:# yum -y install curl # curl http://192.168.1.222
# curl http://192.168.1.222/bbs/test.html
(3)192.168.199.157:
五、基于用户名/密码实现访问控制:
1、在server{}配置段中新增如下location:
server {
listen 80;
server_name localhost;
root html;
index index.html index.htm;
location /bbs {
auth_basic "Please Login";
auth_basic_user_file /usr/local/tengine/conf/.htpasswd;
}
}
2、创建测试页:
# mkdir -pv /usr/local/tengine/html/bbs
# echo "Login Successful
" > /usr/local/tengine/html/bbs/test.html
3、创建账号密码文件:
# yum -y install httpd-tools
# cd /usr/local/tengine/conf
# htpasswd -c -m .htpasswd keyso //用户名keyso,密码123456
========================================================
基于文件实现basic身份认证时所使用的账号密码生成工具:htpasswd
常用选项:
Ø -c:自动创建账号文件(仅在添加第一个用户时使用该选项)
Ø -m:使用MD5加密用户密码
Ø -s:使用SHA加密用户密码
Ø -D:删除指定用户
========================================================
4、重载服务:# nginx -t # nginx -s reload # ss -tunlp | grep :80
5、访问测试页:
http://192.168.1.222
http://192.168.1.222/bbs/test.html
六、定义status页面:
1、在server{}配置段中新增如下location:
server {
listen 80;
server_name localhost;
location /status {
stub_status on;
allow 192.168.101.120;
deny all;
access_log off;
}
}
2、重载服务:# nginx -t # nginx -s reload # ss -tunlp | grep :80
3、Windows 10访问状态页:http://192.168.1.222/status
说明:
Ø Active connections:当前活动的客户端连接数
Ø accepts:已经接收过的客户端连接总数
Ø handled:已经处理过的客户端连接总数
Ø requests:客户端的请求总数
Ø request_time:请求时间
Ø Reading:正在读取的客户端请求数
Ø Writing:正在处理请求或发送响应报文的连接数
Ø Waiting:等待发出请求的空闲连接数
七、禁止访问某一类资源:
1、在server{}配置段中新增如下location:
server {
listen 80;
server_name localhost;
location ~ \.(txt|doc)$ {
if (-f $request_filename){
root html;
break;
}
deny all;
}
}
2、创建测试页:
# echo "txt file
" > /usr/local/tengine/html/test.txt
# echo "doc file
" > /usr/local/tengine/html/test.doc
# echo "html file
" > /usr/local/tengine/html/test.html
3、重载服务:# nginx -t # nginx -s reload # ss -tunlp | grep :80
4、访问测试页:
http://192.168.1.222/test.txt
http://192.168.1.222/test.doc
http://192.168.1.222/test.html
八、root和alias(路径别名):
1、在server{}配置段中新增如下location:
server {
listen 80;
server_name localhost;
index index.html index.htm;
location /bbs {
root /vhosts/bbs;
}
location /blog {
alias /vhosts/blog;
}
}
2、创建测试页:
# mkdir -pv /vhosts/bbs/bbs
# mkdir -pv /vhosts/blog
# echo "root --> /vhosts/bbs/bbs/index.html
" > /vhosts/bbs/bbs/index.html
# echo "alias --> /vhosts/blog/index.html
" > /vhosts/blog/index.html
3、重载服务:# nginx -t # nginx -s reload # ss -tunlp | grep :80
4、访问测试页:
http://192.168.1.222/bbs
http://192.168.1.222/blog