linux学习之nginx高级配置
http下的server主机名localhost;这里边用server_name区分主机
location /status {
stub_status on;
access_log off;
}
2、https功能
[root@lnmp ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
打开https
server {
listen 443;
server_name lnmp.example.com;
ssl on;
ssl_certificate cert.pem;
ssl_certificate_key cert.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
生成key
[root@lnmp ~]# cd /etc/pki/tls/certs/
[root@lnmp certs]# make cert.pem
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi\'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server\'s hostname) []:lnmp.example.com
Email Address []:root@lnmp.example.com
[root@lnmp certs]# cp -p cert.pem /usr/local/lnmp/nginx/conf/
[root@lnmp conf]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@lnmp conf]# nginx -s reload
访问https://192.168.0.142,确认风险,OK
3、虚拟主机
从网站复制
server {
listen 80;
server_name www.westos.org;
access_log logs/westos.org.access.log main;
location / {
index index.html;
root /usr/local/lnmp/nginx/virtualhost/westos.org;
}
}
server {
listen 80;
server_name www.linux.org;
access_log logs/linux.org.access.log main;
location / {
index index.html;
root /usr/local/lnmp/nginx/virtualhost/linux.org;
}
}
然后打开日志记录类型
log_format main \'$remote_addr - $remote_user [$time_local] "$request" \'
\'$status $body_bytes_sent "$http_referer" \'
\'"$http_user_agent" "$http_x_forwarded_for"\';
[root@lnmp nginx]# nginx -s reload
创建目录
[root@lnmp nginx]# mkdir virtualhost/westos.org -p
[root@lnmp nginx]# mkdir virtualhost/linux.org
[root@lnmp nginx]# echo www.westos.org >virtualhost/westos.org/index.html
[root@lnmp nginx]# echo www.linux.org >virtualhost/linux.org/index.html
真机中写入解析
192.168.0.142 www.linux.org www.westos.org
4、使用nginx反向代理做负载均衡
新开两台虚拟机,安装httpd,写入不同内容;
[root@lnmp nginx]# vim conf/nginx.conf
在http开始写入
upstream westos { 制作一个负载均衡器,供server主机访问
server 192.168.0.143;
server 192.168.0.197 weight=2;权值,决定承担任务量
}
修改
server {
listen 80;
server_name www.westos.org;
#access_log logs/westos.org.access.log main;
location / {
proxy_pass http://westos; 提交给负载均衡器
#index index.html;
#root /usr/local/lnmp/nginx/virtualhost/westos.org;
}
}
[root@lnmp nginx]# nginx -t
[root@lnmp nginx]# nginx -s reload
然后真机访问westos就会在197和143轮询。
5、nginx的安全维护
cache目录禁止用户访问,允许应用程序写入
upload目录允许用户上传,但不允许执行,防止挂马
[root@lnmp nginx]# cd html/
[root@lnmp html]# mkdir cache upload
[root@lnmp html]# chmod 777 cache/
[root@lnmp html]# chmod 777 upload/
[root@lnmp html]# vim upload/index.php
phpinfo()
?>
[root@lnmp html]# vim ../conf/nginx.conf写如下信息在php之前
location ~ "^/cache"{
return 403;
}
访问http://192.168.0.142/chche就会提示403
如果不加
location ~ "^/upload"{
}
当前题目:linux学习之nginx高级配置
文章分享:http://hbruida.cn/article/choiph.html