linux学习之nginx高级配置

1、统计网站访问信息信息

http下的server主机名localhost;这里边用server_name区分主机
location /status {
stub_status on;
access_log off;
}

同仁网站制作公司哪家好,找成都创新互联!从网页设计、网站建设、微信开发、APP开发、自适应网站建设等网站项目制作,到程序开发,运营维护。成都创新互联于2013年成立到现在10年的时间,我们拥有了丰富的建站经验和运维经验,来保证我们的工作的顺利进行。专注于网站建设就选成都创新互联

2、https功能

[root@lnmp ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
打开https
server {
listen 443;
server_name lnmp.example.com;

ssl on;
ssl_certificate cert.pem;
ssl_certificate_key cert.pem;

ssl_session_timeout 5m;

ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {
root html;
index index.html index.htm;
}
}
生成key
[root@lnmp ~]# cd /etc/pki/tls/certs/
[root@lnmp certs]# make cert.pem
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi\'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server\'s hostname) []:lnmp.example.com
Email Address []:root@lnmp.example.com
[root@lnmp certs]# cp -p cert.pem /usr/local/lnmp/nginx/conf/
[root@lnmp conf]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@lnmp conf]# nginx -s reload
访问https://192.168.0.142,确认风险,OK


3、虚拟主机

从网站复制
server {
listen 80;
server_name www.westos.org;
access_log logs/westos.org.access.log main;
location / {
index index.html;
root /usr/local/lnmp/nginx/virtualhost/westos.org;
}
}
server {
listen 80;
server_name www.linux.org;
access_log logs/linux.org.access.log main;
location / {
index index.html;
root /usr/local/lnmp/nginx/virtualhost/linux.org;
}
}
然后打开日志记录类型
log_format main \'$remote_addr - $remote_user [$time_local] "$request" \'
\'$status $body_bytes_sent "$http_referer" \'
\'"$http_user_agent" "$http_x_forwarded_for"\';
[root@lnmp nginx]# nginx -s reload
创建目录
[root@lnmp nginx]# mkdir virtualhost/westos.org -p
[root@lnmp nginx]# mkdir virtualhost/linux.org
[root@lnmp nginx]# echo www.westos.org >virtualhost/westos.org/index.html
[root@lnmp nginx]# echo www.linux.org >virtualhost/linux.org/index.html

真机中写入解析
192.168.0.142 www.linux.org www.westos.org


4、使用nginx反向代理做负载均衡

新开两台虚拟机,安装httpd,写入不同内容;
[root@lnmp nginx]# vim conf/nginx.conf
在http开始写入
upstream westos { 制作一个负载均衡器,供server主机访问
server 192.168.0.143;
server 192.168.0.197 weight=2;权值,决定承担任务量
}
修改
server {
listen 80;
server_name www.westos.org;
#access_log logs/westos.org.access.log main;
location / {
proxy_pass http://westos; 提交给负载均衡器
#index index.html;
#root /usr/local/lnmp/nginx/virtualhost/westos.org;
}
}
[root@lnmp nginx]# nginx -t
[root@lnmp nginx]# nginx -s reload
然后真机访问westos就会在197和143轮询。


5、nginx的安全维护

cache目录禁止用户访问,允许应用程序写入

upload目录允许用户上传,但不允许执行,防止挂马
[root@lnmp nginx]# cd html/
[root@lnmp html]# mkdir cache upload
[root@lnmp html]# chmod 777 cache/
[root@lnmp html]# chmod 777 upload/
[root@lnmp html]# vim upload/index.php
phpinfo()
?>
[root@lnmp html]# vim ../conf/nginx.conf写如下信息在php之前
location ~ "^/cache"{
return 403;
}
访问http://192.168.0.142/chche就会提示403
如果不加
location ~ "^/upload"{
}


当前题目:linux学习之nginx高级配置
文章分享:http://hbruida.cn/article/choiph.html