LNMP环境下Nginx配置

  • A+
所属分类:Linux

接着之前发布的LNMP环境搭建环境下介绍Nginx配置。

默认虚拟主机

在早期的Linux服务器上,一个服务器只能运行一个网站,也就是只能跑一个域名。但随着技术的发展,一个服务器上可以跑多个域名了,这样可以帮我们节省了成本。其实这里的服务器就叫做主机,早期一个主机只能跑一个站点,而现在不同了,一个主机可以跑多个站点,多以就有了虚拟主机的概念。“虚拟主机”的概念说明白了,我想大家应该就知道默认虚拟主机的一次概念了。通俗的说就是:任何一个域名指向这台服务器,只要是没有对应的虚拟主机,就会由这个默认虚拟默认虚拟主机来处理。

在Nginx中,第一个被Nginx加载的虚拟主机就是默认主机,它通常有一个配置用来标记默认虚拟主机。也就是说,如果没有这个标记,第一个虚拟主机为默认虚拟主机。

一般情况下,我们都会选择新建一个虚拟主机文件夹,用来配置虚拟主机的配置文件。所以要对主配置文件nginx.conf做一下修改。在最后一个}上面加入一行配置,如下:

 include vhost/*.conf
}

上面的代码的意思是:把/usr/local/nginx/conf/vhost/下面的所有以.conf结尾的文件都会被加载。

初步进行配置:

# mkdir /usr/local/nginx/conf/vhost
# cd /usr/local/nginx/conf/vhost 
# vim default.conf  //在文件中写入如下内容

default.conf的文件内容

server
{
    listen 80 default_server; //有这个default_server标记的就是默认虚拟主机
    server_name liutest.com;
    index index.html index.htm index.php;
    root /data/nginx/default;
}

进行测试

检测&重新加载配置

# /usr/local/nginx/sbin/nginx -t 
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

# /usr/local/nginx/sbin/nginx -s reload

创建索引页并访问测试

# echo "default_server" > /data/nginx/default/index.html  //创建索引页

# curl -x127.0.0.1:80 liutest.com  //访问liutest.com
default_server

# curl -x127.0.0.1:80 liu.com   //访问一个不存在的liu.com
default_server

用户认证

# cd /usr/local/nginx/conf/vhost 

# vim test.com.conf //加入以下内容

test.com.conf文件内容

server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/nginx/test.com;
    
location  /
    {
        auth_basic              "Auth";
        auth_basic_user_file   /usr/local/nginx/conf/htpasswd;
}
}

代码中auth_basic表示打开认证,auth_basic_user_file表示指定用户密码文件。

注意:需要httpd环境,如果未下载可使用下面命令安装:

# yum install httpd -y

创建liu用户

# htpasswd -c /usr/local/nginx/conf/htpasswd liu
New password: 
Re-type new password: 
Adding password for user liu

检测&重新加载配置

# /usr/local/nginx/sbin/nginx -t 
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

# /usr/local/nginx/sbin/nginx -s reload

构建一个网页并访问测试:

# mkdir /data/nginx/test.com
# echo "test.com" > /data/nginx/test.com/index.html
# curl x127.0.0.1:80 test.com -I
curl: (7) Failed connect to x127.0.0.1:80; 拒绝连接
HTTP/1.1 401 Unauthorized
Server: nginx/1.8.0
Date: Sun, 28 Jul 2019 13:25:17 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"

注意:状态码为401,说明该网站需要认证

域名重定向

Nginx配置中,server_name后面可以跟多个域名,permanent为永远重定向,相当于httpd的R=301另外还有一个常用的redirect,相当于httpd的R=302。 新建一个nginx_rewrite.conf文件


# mkdir /usr/local/nginx/conf/vhost/nginx_rewrite.conf

把以下内容写入文件中:

server
{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
    root /data/nginx/test.com;

    if ($host != 'test.com' ) {
        rewrite  ^/(.*)$  http://test.com/$1  permanent;
    }

}

检测&重新加载配置

# /usr/local/nginx/sbin/nginx -t 
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

# /usr/local/nginx/sbin/nginx -s reload

进行访问测试:

# curl -x127.0.0.1:80 test1.com/test.txt -I   
HTTP/1.1 301 Moved Permanently
Server: nginx/1.8.0
Date: Sun, 28 Jul 2019 13:43:55 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: http://test.com/test.txt

Nginx的访问日志

先查看主配置文件nginx.conf中的日志格式:

使用如下命令行:

# grep -A2 log_format /usr/local/nginx/conf/nginx.conf
    log_format liulog '$remote_addr $http_x_forwarded_for [$time_local]'
    ' $host "$request_uri" $status'
    ' "$http_referer" "$http_user_agent"';
变量名解释
$remote_addr客户端IP(公网IP)
$http_x_forwarded_for代理服务器的IP
$time_local服务器本地时间
$host访问主机名(域名)
$request_uri访问的url地址
$status状态码
$http_referer访问前的源地址
$http_user_agent用户代理

其中liulog自己定义的在nginx.conf中定义的日志格式名字。

然后再把虚拟主机配置文件中指定访问日志的路径: 新建一个nginx_rewrite.conf文件


# mkdir /usr/local/nginx/conf/vhost/nginx_log.conf

把以下内容写入文件中:

server
{
    listen 80;
    server_name test.com test1.com test2.com;
    index index.html index.htm index.php;
    root /data/nginx/test.com;

    if ($host != 'test.com' ) {
        rewrite  ^/(.*)$  http://test.com/$1  permanent;
    }
    access_log /tmp/11.log liulog;
}

检测&重新加载配置

# /usr/local/nginx/sbin/nginx -t 
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

# /usr/local/nginx/sbin/nginx -s reload

进行访问测试:

# curl -x127.0.0.1:80 test.com/liu
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>

[root@liu-server vhost]

# cat /tmp/11.log 127.0.0.1 - [28/Jul/2019:21:59:58 +0800] test.com "/liu" 404 "-" "curl/7.29.0"

Nginx防盗链

test.com.conf文件进行修改: 把原先做认证的部分:

location  /
    {
        auth_basic              "Auth";
        auth_basic_user_file   /usr/local/nginx/conf/htpasswd;
}

替换成:

location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
    expires 7d;
    valid_referers none blocked server_names  *.test.com ;
    if ($invalid_referer) {
        return 403;
    }
    access_log off;
}

检测&重新加载配置

# /usr/local/nginx/sbin/nginx -t 
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

# /usr/local/nginx/sbin/nginx -s reload

首先在/data/nginx/test.com/下面创建一个JPG文件。


# echo "liu.jpg" > /data/nginx/test.com/liu.jpg

进行访问测试:

# curl -x127.0.0.1:80 -I -e "http://liutest.com/11.txt" test.com/liu.png
HTTP/1.1 403 Forbidden
Server: nginx/1.8.0
Date: Sun, 28 Jul 2019 14:19:42 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive

test.com进行访问:

# curl -x127.0.0.1:80 -I -e "http://test.com/11.txt" test.com/liu.png   
HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Sun, 28 Jul 2019 14:20:10 GMT
Content-Type: image/png
Content-Length: 8
Last-Modified: Sun, 28 Jul 2019 14:17:13 GMT
Connection: keep-alive
ETag: "5d3dae69-8"
Expires: Sun, 04 Aug 2019 14:20:10 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

根据max-age=604800,可以知道png默认缓存7天。

根据上面的测试结果,我们不仅可以看到有过期时间,还有防盗链的功能。

  • 我的微信
  • 欢迎大家,与我交流,非诚勿扰谢谢
  • weinxin
  • 奕知伴解 微信公众号
  • 扫一扫关注,从此不迷路。
  • weinxin
刘銮奕

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: