虚拟主机的配置
安装好nginx之后
[root@server5 ~]# cd /usr/local/lnmp/nginx/conf/
[root@server5 conf]# vim nginx.conf
server{
listen 80;
server_name www.westos.org;
location / {
root /www1;
index index.html;
}
}
server{
listen 80;
server_name www.linux.org;
location / {
root /www2;
index index.html;
}
}
[root@server5 ~]# mkdir /www1
[root@server5 ~]# mkdir /www2
[root@server5 ~]# cd /www1
[root@server5 www1]# vim index.html
www.westos.org
[root@server5 www1]# cd
[root@server5 ~]# cd /www2
[root@server5 www2]# vim index.html
www.linux.org浏览器测试:
[root@server5 ~]# cd /usr/local/lnmp/nginx/conf/
[root@server5 conf]# vim nginx.conf
server {
listen 443 ssl;
server_name www.westos.org;
ssl_certificate cert.pem;
ssl_certificate_key cert.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /www1;
index index.html;
}
[root@server5 conf]# nginx -t
nginx: [emerg] BIO_new_file("/usr/local/lnmp/nginx/conf/cert.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/lnmp/nginx/conf/cert.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test failed
[root@server5 conf]# cd /etc/pki/tls/certs/
[root@server5 certs]# make cert.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > cert.pem ; \
echo "" >> cert.pem ; \
cat $PEM2 >> cert.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
.........................................+++
.............................+++
writing new private key to '/tmp/openssl.0egoLz'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server1
Email Address []:root@localhost
[root@server5 certs]# ll cert.pem
-rw------- 1 root root 3088 Aug 7 08:14 cert.pem
[root@server5 certs]# cp cert.pem /usr/local/lnmp/nginx/conf/
[root@server5 certs]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server5 certs]# nginx -s reload浏览器测试:
重定向
1、
[root@server5 conf]# vim nginx.conf
server{
listen 80;
server_name www.westos.org westos.org;
rewrite ^(.*)$ https://www.westos.org$1 permanent;
}
[root@server5 conf]# nginx -s reload
[root@foundation35 kiosk]# curl -I www.westos.org
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 07 Aug 2018 00:48:43 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.westos.org
[root@foundation35 kiosk]# curl -I westos.org
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 07 Aug 2018 00:48:48 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.westos.org
[root@foundation35 kiosk]# curl -I westos.org/index.org
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 07 Aug 2018 00:50:04 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.westos.org/index.org
[root@foundation35 kiosk]# curl -I www.westos.org/index.org
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 07 Aug 2018 00:50:09 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.westos.org/index.org2、
[root@server5 conf]# vim nginx.conf
server{
listen 80;
server_name www.westos.org westos.org;
rewrite ^/bbs$ http://bbs.westos.org permanent;
rewrite ^/bbs/(.*)$ http://bbs.westos.org/$1 permanent;
}
[root@server5 conf]# nginx -s reload
[root@foundation35 kiosk]# curl -I westos.org/bbs
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 07 Aug 2018 01:11:18 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://bbs.westos.org
[root@foundation35 kiosk]# curl -I www.westos.org/bbs
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 07 Aug 2018 01:11:25 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://bbs.westos.org
[root@foundation35 kiosk]# curl -I www.westos.org/bbs/index.html
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 07 Aug 2018 00:55:29 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://bbs.westos.org/index.html
[root@foundation35 kiosk]# curl -I bbs.westos.org
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 Aug 2018 00:56:45 GMT
Content-Type: text/html
Content-Length: 15
Last-Modified: Tue, 07 Aug 2018 00:51:40 GMT
Connection: keep-alive
ETag: "5b68ed1c-f"
Accept-Ranges: bytes3、
[root@server5 conf]# vim nginx.conf
server{
listen 80;
server_name www.westos.org westos.org bbs.westos.org;
if ($host = "bbs.westos.org"){
rewrite ^/(.*)$ http://www.westos.org/bbs/$1 permanent;
}
location / {
root /www1;
index index.html;
}
}
[root@server5 conf]# nginx -s reload
[root@foundation35 kiosk]# curl bbs.westos.org -I
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 07 Aug 2018 01:17:33 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.westos.org/bbs/
[root@foundation35 kiosk]# curl bbs.westos.org/index.html -I
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 07 Aug 2018 01:17:42 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.westos.org/bbs/index.html
301永久重定向
302临时重定向
[root@server5 conf]# mkdir /www1/bbs
[root@server5 conf]# cd /www1/bbs
[root@server5 bbs]# vim index.html
bbs.westos.org-浏览器测试:
nginx配置文件中参数
default_type application/octet-stream: 当无法处理时的默认处理类型 Log_format 日志格式的定义
access_log: 定义日志的位置 tcp_nopush 和tcp_nodelay:解决网络延迟,磁盘延迟,配合sendfile
Keepalive_timeout :超时,持续连接超时,或者客户端超时,防止资源过多消耗 gzip 网页压缩 limit_conn
addr: 限制并发数,超出会显示503 limit_rate 带宽 limit_req zone=one
burst=5:连接数,一个窗口开5个排队数
[root@server5 ~]# cd /usr/local/lnmp/nginx/conf/
[root@server5 conf]# vim nginx.conf
limit_conn_zone $binary_remote_addr zone=addr:10m;
server{
location /download/ {
limit_conn addr 1;
}
}
[root@server5 conf]# cd ..
[root@server5 nginx]# cd html
[root@server5 html]# mkdir download
[root@server5 html]# cd download/
[root@server5 download]# ls
vim.jpg
[root@server5 download]# nginx -t
[root@server5 download]# nginx
[root@server5 download]# nginx -s reload浏览器测试:
物理机测试:
[root@foundation35 kiosk]# ab -c10 -n 10 http://172.25.35.55/download/vim.jpg
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 172.25.35.55 (be patient).....done
Server Software: nginx
Server Hostname: 172.25.35.55
Server Port: 80
Document Path: /download/vim.jpg
Document Length: 537 bytes
Concurrency Level: 10
Time taken for tests: 0.002 seconds
Complete requests: 10
Failed requests: 1 ##显示有一个失败
(Connect: 0, Receive: 0, Length: 1, Exceptions: 0)
Write errors: 0
Non-2xx responses: 9
Total transferred: 460323 bytes
HTML transferred: 458408 bytes
Requests per second: 4644.68 [#/sec] (mean)
Time per request: 2.153 [ms] (mean)
Time per request: 0.215 [ms] (mean, across all concurrent requests)
Transfer rate: 208794.32 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.0 0 0
Processing: 0 1 0.4 1 2
Waiting: 0 1 0.3 1 1
Total: 0 1 0.5 1 2
Percentage of the requests served within a certain time (ms)
50% 1
66% 1
75% 1
80% 1
90% 2
95% 2
98% 2
99% 2
100% 2 (longest request)
[root@server5 logs]# cat access.log
172.25.35.250 - - [08/Aug/2018:02:40:13 +0800] "GET /download/vim.jpg HTTP/1.0" 503 537 "-" "ApacheBench/2.3"
172.25.35.250 - - [08/Aug/2018:02:40:13 +0800] "GET /download/vim.jpg HTTP/1.0" 503 537 "-" "ApacheBench/2.3"
172.25.35.250 - - [08/Aug/2018:02:40:13 +0800] "GET /download/vim.jpg HTTP/1.0" 503 537 "-" "ApacheBench/2.3"
172.25.35.250 - - [08/Aug/2018:02:40:13 +0800] "GET /download/vim.jpg HTTP/1.0" 503 537 "-" "ApacheBench/2.3"
172.25.35.250 - - [08/Aug/2018:02:40:13 +0800] "GET /download/vim.jpg HTTP/1.0" 503 537 "-" "ApacheBench/2.3"
172.25.35.250 - - [08/Aug/2018:02:40:13 +0800] "GET /download/vim.jpg HTTP/1.0" 503 537 "-" "ApacheBench/2.3"
172.25.35.250 - - [08/Aug/2018:02:40:13 +0800] "GET /download/vim.jpg HTTP/1.0" 503 537 "-" "ApacheBench/2.3"
172.25.35.250 - - [08/Aug/2018:02:40:13 +0800] "GET /download/vim.jpg HTTP/1.0" 503 537 "-" "ApacheBench/2.3"
172.25.35.250 - - [08/Aug/2018:02:40:13 +0800] "GET /download/vim.jpg HTTP/1.0" 503 537 "-" "ApacheBench/2.3"
172.25.35.250 - - [08/Aug/2018:02:40:13 +0800] "GET /download/vim.jpg HTTP/1.0" 200 453575 "-" "ApacheBench/2.3” //200,10个里面只有一个命中
server5:
[root@server5 ~]# cp mysql-boost-5.7.17.tar.gz /usr/local/lnmp/nginx/html/download/
[root@server5 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
server{
location /download/ {
limit_rate 50k;
}
[root@server5 ~]# nginx -t
[root@server5 ~]# nginx -s reload测试:
[root@server5 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
location /admin/ {
allow 172.25.35.250;
deny all;
[root@server5 ~]# nginx -s reload
测试:
172.25.35.250主机:
[root@foundation35 kiosk]# curl 172.25.35.55/admin/index.html
hello,admin!
其他主机:
[root@server4 ~]# curl 172.25.35.55/admin/index.html
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>浏览器测试:
172.25.35.250主机:
其他主机:
[root@server5 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
location ~ .*\.(gif|jpg|png)$ {
expires 30d;
}
[root@server5 ~]# nginx -s reload
测试:
[root@foundation35 kiosk]# curl -I 172.25.35.55/vim.jpg
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 Aug 2018 19:35:52 GMT
Content-Type: image/jpeg
Content-Length: 453575
Last-Modified: Tue, 07 Aug 2018 19:35:26 GMT
Connection: keep-alive
ETag: "5b69f47e-6ebc7"
Expires: Thu, 06 Sep 2018 19:35:52 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
server5:
[root@server5 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
server {
listen 80;
server_name _;
return 500;
[root@server5 ~]# nginx -s reload测试:
[root@server5 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
server {
listen 80;
server_name _;
rewrite ^(.*) http://www.westos.org permanent;
[root@server5 ~]# nginx -s reload浏览器测试:
[root@server5 ~]# cat /www1/index.html
www.westos.org你好访问页面出现乱码:
[root@server5 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
charset utf-8; //添加本行
[root@server5 ~]# nginx -s reload测试:
模拟盗链
server5:
[root@server5 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
server{
listen 80;
server_name www.westos.org westos.org;
location / {
root /www1;
index index.html;
}
[root@server5 ~]# nginx -s reload
server3:
[root@server3 ~]# yum install httpd -y
[root@server3 ~]# cd /var/www/html
[root@server3 html]# vim index.html
<html>
<body>
<img src=”http://www.westos.org/images/iso7.gif”>
</body>
</html>
[root@server3 html]# /etc/init.d/mysqld start浏览器可以查看:
当访问server3时:
防盗链
方式一:
[root@server5 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
server{
listen 80;
server_name www.westos.org westos.org;
location / {
root /www1;
index index.html;
}
location ~ \.(gif|jpg|png)$ {
root /www1;
valid_referers none blocked www.westos.org;
if ($invalid_referer){
return 403;
}
}
[root@server5 ~]# nginx -s reload浏览器测试:
方式二:
[root@server5 ~]# vim /usr/local/lnmp/nginx/conf/nginx.conf
server{
listen 80;
server_name www.westos.org westos.org;
location / {
root /www1;
index index.html;
}
location ~ \.(gif|jpg|png)$ {
root /www1;
valid_referers none blocked www.westos.org;
if ($invalid_referer){
#return 403;
rewrite ^/ http://bbs.westos.org/daolian.jpg;
}
}
server{
listen 80;
server_name bbs.westos.org;
location / {
root /www2;
index index.html;
}
[root@server5 ~]# nginx -s reload浏览器测试:
