nginx知识点-1

#因为是最小化安装，先安装vim编辑器，net-tools查看端口，psmisc可以使用killall命令bash-completion tab补全命令(需要重启生效)

[root@localhost ~]# yum -y install net-tools psmisc vim bash-completion
[root@localhost ~]# tar zxvf nginx-1.17.6.tar.gz 

#因为等下要源码安装nginx，所以先安装gcc make编译软件，pcre-devel是为了使nginx支持正则表达式，openssl-devel是为了nginx加密
[root@localhost ~]# cd nginx-1.17.6/ && ls
auto     CHANGES.ru  configure  html     Makefile  objs    src
CHANGES  conf        contrib    LICENSE  man       README
[root@localhost ~]# yum -y install gcc make pcre-devel openssl-devel 
[root@localhost nginx-1.17.6]# ./configure --prefix=/usr/local/nginx --user=nginx --with-http_ssl_module && make && make install 
--prefix 指定安装位置
--user 指定以哪位用户身份启动nginx
--with-http-ssl_module 使用安全网站模块
[root@localhost nginx-1.17.6]# cd /usr/local/nginx/
[root@localhost nginx]# ls
conf  html  logs  sbin
[root@localhost nginx]# sbin/nginx 
nginx: [emerg] getpwnam("nginx") failed  启动失败的原因是，编译时指定以nginx用户启动，服务器没有nginx用户，所以失败
[root@localhost nginx]# useradd nginx #创建个nginx用户
[root@localhost nginx]# sbin/nginx 
[root@localhost nginx]# netstat -ntupl |grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      4615/nginx: master 

nginx认证

访问nginx网站时，需要输入正确的用户名和密码才能访问

配置如下：

[root@localhost nginx]# pwd
/usr/local/nginx
[root@localhost nginx]# vim conf/nginx.conf
server {
        listen       80;
        server_name  localhost;
        auth_basic "password";
        auth_basic_user_file "/usr/local/nginx/pass";  认证文件
[root@localhost nginx]# sbin/nginx -s reload
htpasswd用于为指定用户生成基于网页用户身份认证的密码，由httpd-tools软件包提供。支持3种加密算法：MD5、SHA和系统上的crypt()函数，不指定算法时，默认为md5。
[root@localhost ~]# yum -y install httpd-tools
[root@localhost ~]# htpasswd -c pass tom
New password: 
Re-type new password: 
Adding password for user tom
[root@localhost nginx]# ls
client_body_temp  fastcgi_temp  logs  proxy_temp  scgi_temp
conf              html          pass  sbin        uwsgi_temp
[root@localhost nginx]# cat pass 
tom:$apr1$KVns/c9N$K3YF4Lnb3lM2nMcH/WF1r/
添加第二个用户认证以上，不需要加 -c
[root@localhost nginx]# htpasswd pass jerry
New password: 
Re-type new password: 
Adding password for user jerry
[root@localhost nginx]# cat pass
tom:$apr1$KVns/c9N$K3YF4Lnb3lM2nMcH/WF1r/
jerry:$apr1$e/pzkrYu$90EooPydjHbG.fzc8Na6c1

浏览器访问ip地址

虚拟主机

可以将网络上的每一台计算机分成多个虚拟主机，每个虚拟主机可以独立对外提供www服务，这样就可以实现一台主机对外提供多个web服务，每个虚拟主机之间是独立的，互不影响。

配置如下：

基于域名的虚拟主机

[root@localhost nginx]# vim conf/nginx.conf
server {
        listen 80;
        server_name www.b.com;
        root html_b;
        index index.html;
        }
​
    server {
        listen       80;
        server_name  www.a.com;
        #charset koi8-r;
​
        #access_log  logs/host.access.log  main;
        location / {
            root   html_a;
            index  index.html index.html;
[root@localhost nginx]# mkdir html_b && echo "test-b~~~" > html_b/index.html
[root@localhost nginx]# mkdir html_a && echo "test_a" > html_a/index.html
[root@localhost nginx]# sbin/nginx -s reload
这里没有搭建DNS服务器，就用主机映射文件暂时替用
[root@localhost nginx]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.99.5 www.a.com
192.168.99.5 www.b.com
[root@localhost nginx]# curl www.b.com
test-b~~~
[root@localhost nginx]# curl www.a.com
test_a

基于ip的虚拟主机

[root@localhost nginx]# ifconfig eth0 | sed -n "/inet/p" | awk '{print $2}' |grep ^1
192.168.88.5
[root@localhost nginx]# ifconfig eth1 | sed -n "/inet/p" | awk '{print $2}' |grep ^1
192.168.99.5
[root@localhost nginx]# vim conf/nginx.conf
server {
        listen 80;
        server_name 192.168.99.5;
        root html_b;
        index index.html;
        }
​
    server {
        listen       80;
        server_name  192.168.88.5;
        #charset koi8-r;
​
        #access_log  logs/host.access.log  main;
        location / {
            root   html_a;
            index  index.html index.htm;
        }
[root@localhost nginx]# sbin/nginx -s reload
[root@localhost nginx]# curl 192.168.88.5
test_a
[root@localhost nginx]# curl 192.168.99.5
test-b~~~

基于端口的虚拟主机

[root@localhost nginx]# vim conf/nginx.conf
server {
        listen 88;
        server_name www.a.com;
        root html_b;
        index index.html;
        }
​
    server {
        listen       80;
        server_name  www.a.com;
        #charset koi8-r;
​
        #access_log  logs/host.access.log  main;
        location / {
            root   html_a;
            index  index.html index.htm;
        }
[root@localhost nginx]# sbin/nginx -s reload
[root@localhost nginx]# curl www.a.com:88
test-b~~~
[root@localhost nginx]# curl www.a.com:80
test_a
​

nginx加密网站

https协议原理 首先，客户端与服务器建立连接，各自生成私钥和公钥，是不同的。服务器返给客户端一个公钥，然后客户端拿着这个公钥把要搜索的东西加密，称之为密文，并连并自己的公钥一起返回给服务器，服务器拿着自己的私钥解密密文，然后把响应到的数据用客户端的公钥加密，返回给客户端，客户端拿着自己的私钥解密密文，把数据呈现出来

配置如下：

[root@localhost nginx]# vim conf/nginx.conf
输入法切换英文，按esc，冒号:,输入以下情况
:101,118s/#/ /
把以下配置的#号取消注释
server {
         listen       443 ssl;
         server_name  localhost;
​
         ssl_certificate      cert.pem;
         ssl_certificate_key  cert.key;
​
         ssl_session_cache    shared:SSL:1m;
         ssl_session_timeout  5m;
​
         ssl_ciphers  HIGH:!aNULL:!MD5;
         ssl_prefer_server_ciphers  on;
​
         location / {
             root   https;
             index  index.html index.htm;
         }
     }
[root@localhost nginx]# openssl genrsa > conf/cert.key
Generating RSA private key, 2048 bit long modulus
...+++
.+++
e is 65537 (0x10001)
 openssl genrsa 命令是会用来生成 RSA 私有秘钥，不会生成公钥，因为公钥提取自私钥。生成时是可以指定私钥长度和密码保护。
[root@localhost nginx]# openssl req -x509 -key conf/cert.key > conf/cert.pem
-key:指定已有的秘钥文件生成秘钥请求
req命令主要的功能有，生成证书请求文件， 查看验证证书请求文件，还有就是生成自签名证书
-x509: 说明生成自签名证书，自签名证书又称为根证书，是自己颁发给自己的证书，即证书中的颁发者和主体名相同。
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:dc
State or Province Name (full name) []:dc
Locality Name (eg, city) [Default City]:dc
Organization Name (eg, company) [Default Company Ltd]:dc
Organizational Unit Name (eg, section) []:dc
Common Name (eg, your name or your server's hostname) []:dc
Email Address []:dc
[root@localhost nginx]# mkdir https && echo "https-test~~" > https/index.html
[root@localhost nginx]# sbin/nginx -s reload
[root@localhost nginx]# curl -k https://192.168.99.5
https-test~~

​