Linux study notes: advanced nginx configuration

nginx help site: wiki.nginx.org


1. Site access statistics

In the http block, in the server whose host name is localhost (server_name is what distinguishes the hosts), add:
        location /status {
            stub_status on;
            access_log off;
        }
Visiting http://192.168.0.142/status shows the access statistics.


2. HTTPS

[root@lnmp ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
Enable the HTTPS server block:
    server {
        listen       443;
        server_name  lnmp.example.com;

        ssl                  on;
        ssl_certificate      cert.pem;
        ssl_certificate_key  cert.pem;

        ssl_session_timeout  5m;

        ssl_protocols  SSLv2 SSLv3 TLSv1;    # SSLv2 and SSLv3 are obsolete protocols
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }
Generate the key and certificate:
[root@lnmp ~]# cd /etc/pki/tls/certs/
[root@lnmp certs]# make  cert.pem
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:lnmp.example.com
Email Address []:[email protected]
[root@lnmp certs]# cp -p cert.pem /usr/local/lnmp/nginx/conf/
[root@lnmp conf]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@lnmp conf]# nginx -s reload
Visit https://192.168.0.142 and confirm the browser's security warning; the page then loads.
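A hardened form of the server block above, as an added example that is not part of the original notes: it keeps the same certificate file and cipher list but offers only TLSv1.2 and TLSv1.3. It assumes nginx 1.15 or later built against OpenSSL 1.1.1 or later.

```nginx
# Added example, not from the original notes. Assumes nginx >= 1.15 built
# against OpenSSL >= 1.1.1 (required for TLSv1.3).
server {
    # "ssl" on the listen line replaces the separate "ssl on;" directive,
    # which newer nginx releases deprecate and later remove.
    listen       443 ssl;
    server_name  lnmp.example.com;

    # cert.pem from "make cert.pem" holds both the certificate and the
    # private key, so keep the copy in conf/ readable by root only.
    ssl_certificate      cert.pem;
    ssl_certificate_key  cert.pem;

    # was: ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_protocols  TLSv1.2 TLSv1.3;

    # The cipher list applies to TLSv1.2 and below; TLSv1.3 suites are
    # selected by OpenSSL independently of this directive.
    ssl_ciphers                HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    # A shared cache lets every worker process resume sessions.
    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  5m;

    location / {
        root   html;
        index  index.html index.htm;
    }
}
```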


3. Virtual hosts

Copy the following from the website:
    server {
        listen          80;
        server_name     www.westos.org;
        access_log      logs/westos.org.access.log main;
        location / {
            index index.html;
            root  /usr/local/lnmp/nginx/virtualhost/westos.org;
        }
    }
    server {
        listen          80;
        server_name     www.linux.org;
        access_log      logs/linux.org.access.log main;
        location / {
            index index.html;
            root  /usr/local/lnmp/nginx/virtualhost/linux.org;
        }
    }
Then enable the log format definition:
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
[root@lnmp nginx]# nginx -s reload
Create the directories:
[root@lnmp nginx]# mkdir virtualhost/westos.org -p
[root@lnmp nginx]# mkdir virtualhost/linux.org
[root@lnmp nginx]# echo www.westos.org >virtualhost/westos.org/index.html
[root@lnmp nginx]# echo www.linux.org >virtualhost/linux.org/index.html

On the physical host, add the name resolution entry:
192.168.0.142   www.linux.org www.westos.org
Then visit www.linux.org and www.westos.org.


4. Load balancing with nginx as a reverse proxy

Start two new virtual machines, install httpd on each, and give them different page content.
[root@lnmp nginx]# vim conf/nginx.conf
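At the beginning of the http block, add:
        upstream westos {    # define a load balancer for the server hosts to use
            server 192.168.0.143;
            server 192.168.0.197 weight=2;    # weight: determines the share of requests handled
        }
Modify the www.westos.org server block:
    server {
        listen          80;
        server_name     www.westos.org;
        #access_log      logs/westos.org.access.log main;
        location / {
            proxy_pass http://westos;    # hand the request to the load balancer
            #index index.html;
            #root  /usr/local/lnmp/nginx/virtualhost/westos.org;
        }
    }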
[root@lnmp nginx]# nginx -t
[root@lnmp nginx]# nginx -s reload
Requests from the physical host to westos are then distributed round-robin between 197 and 143.


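5. nginx security maintenance

The cache directory must not be accessible to users, but the application must be able to write to it.

The upload directory accepts user uploads but must not allow execution, to prevent planted malicious scripts.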
[root@lnmp nginx]# cd html/
[root@lnmp html]# mkdir cache upload
[root@lnmp html]# chmod 777 cache/
[root@lnmp html]# chmod 777 upload/
[root@lnmp html]# vim upload/index.php
<?php
phpinfo();
?>
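[root@lnmp html]# vim ../conf/nginx.conf
Add the following before the php location block:
        location ~ "^/cache" {
            return 403;
        }
Visiting http://192.168.0.142/cache then returns 403.
Without the following block:
        location ~ "^/upload" {
        }
visiting http://192.168.0.142/upload/index.php displays the PHP info page.
With the block in place, the browser offers the file for download and it is not executed. nginx checks regex locations in the order they appear in the file and uses the first match, so the block has to come before the php location.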
