#因为是最小化安装,先安装vim编辑器,net-tools查看端口,psmisc可以使用killall命令bash-completion tab补全命令(需要重启生效)
- [root@localhost ~]# yum -y install net-tools psmisc vim bash-completion
- [root@localhost ~]# tar zxvf nginx-1.17.6.tar.gz
-
- #因为等下要源码安装nginx,所以先安装gcc make编译软件,pcre-devel是为了使nginx支持正则表达式,openssl-devel是为了nginx加密
- [root@localhost ~]# cd nginx-1.17.6/ && ls
- auto CHANGES.ru configure html Makefile objs src
- CHANGES conf contrib LICENSE man README
- [root@localhost ~]# yum -y install gcc make pcre-devel openssl-devel
- [root@localhost nginx-1.17.6]# ./configure --prefix=/usr/local/nginx --user=nginx --with-http_ssl_module && make && make install
- --prefix 指定安装位置
- --user 指定以哪位用户身份启动nginx
- --with-http-ssl_module 使用安全网站模块
- [root@localhost nginx-1.17.6]# cd /usr/local/nginx/
- [root@localhost nginx]# ls
- conf html logs sbin
- [root@localhost nginx]# sbin/nginx
- nginx: [emerg] getpwnam("nginx") failed 启动失败的原因是,编译时指定以nginx用户启动,服务器没有nginx用户,所以失败
- [root@localhost nginx]# useradd nginx #创建个nginx用户
- [root@localhost nginx]# sbin/nginx
- [root@localhost nginx]# netstat -ntupl |grep 80
- tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4615/nginx: master
配置如下:
- [root@localhost nginx]# pwd
- /usr/local/nginx
- [root@localhost nginx]# vim conf/nginx.conf
- server {
- listen 80;
- server_name localhost;
- auth_basic "password";
- auth_basic_user_file "/usr/local/nginx/pass"; 认证文件
- [root@localhost nginx]# sbin/nginx -s reload
- htpasswd用于为指定用户生成基于网页用户身份认证的密码,由httpd-tools软件包提供。支持3种加密算法:MD5、SHA和系统上的crypt()函数,不指定算法时,默认为md5。
- [root@localhost ~]# yum -y install httpd-tools
- [root@localhost ~]# htpasswd -c pass tom
- New password:
- Re-type new password:
- Adding password for user tom
- [root@localhost nginx]# ls
- client_body_temp fastcgi_temp logs proxy_temp scgi_temp
- conf html pass sbin uwsgi_temp
- [root@localhost nginx]# cat pass
- tom:$apr1$KVns/c9N$K3YF4Lnb3lM2nMcH/WF1r/
- 添加第二个用户认证以上,不需要加 -c
- [root@localhost nginx]# htpasswd pass jerry
- New password:
- Re-type new password:
- Adding password for user jerry
- [root@localhost nginx]# cat pass
- tom:$apr1$KVns/c9N$K3YF4Lnb3lM2nMcH/WF1r/
- jerry:$apr1$e/pzkrYu$90EooPydjHbG.fzc8Na6c1
浏览器访问ip地址
配置如下:
基于域名的虚拟主机
- [root@localhost nginx]# vim conf/nginx.conf
- server {
- listen 80;
- server_name www.b.com;
- root html_b;
- index index.html;
- }
-
- server {
- listen 80;
- server_name www.a.com;
- #charset koi8-r;
-
- #access_log logs/host.access.log main;
- location / {
- root html_a;
- index index.html index.html;
- [root@localhost nginx]# mkdir html_b && echo "test-b~~~" > html_b/index.html
- [root@localhost nginx]# mkdir html_a && echo "test_a" > html_a/index.html
- [root@localhost nginx]# sbin/nginx -s reload
- 这里没有搭建DNS服务器,就用主机映射文件暂时替用
- [root@localhost nginx]# vim /etc/hosts
- 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
- ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
- 192.168.99.5 www.a.com
- 192.168.99.5 www.b.com
- [root@localhost nginx]# curl www.b.com
- test-b~~~
- [root@localhost nginx]# curl www.a.com
- test_a
基于ip的虚拟主机
- [root@localhost nginx]# ifconfig eth0 | sed -n "/inet/p" | awk '{print $2}' |grep ^1
- 192.168.88.5
- [root@localhost nginx]# ifconfig eth1 | sed -n "/inet/p" | awk '{print $2}' |grep ^1
- 192.168.99.5
- [root@localhost nginx]# vim conf/nginx.conf
- server {
- listen 80;
- server_name 192.168.99.5;
- root html_b;
- index index.html;
- }
-
- server {
- listen 80;
- server_name 192.168.88.5;
- #charset koi8-r;
-
- #access_log logs/host.access.log main;
- location / {
- root html_a;
- index index.html index.htm;
- }
- [root@localhost nginx]# sbin/nginx -s reload
- [root@localhost nginx]# curl 192.168.88.5
- test_a
- [root@localhost nginx]# curl 192.168.99.5
- test-b~~~
基于端口的虚拟主机
- [root@localhost nginx]# vim conf/nginx.conf
- server {
- listen 88;
- server_name www.a.com;
- root html_b;
- index index.html;
- }
-
- server {
- listen 80;
- server_name www.a.com;
- #charset koi8-r;
-
- #access_log logs/host.access.log main;
- location / {
- root html_a;
- index index.html index.htm;
- }
- [root@localhost nginx]# sbin/nginx -s reload
- [root@localhost nginx]# curl www.a.com:88
- test-b~~~
- [root@localhost nginx]# curl www.a.com:80
- test_a
-
配置如下:
- [root@localhost nginx]# vim conf/nginx.conf
- 输入法切换英文,按esc,冒号:,输入以下情况
- :101,118s/#/ /
- 把以下配置的#号取消注释
- server {
- listen 443 ssl;
- server_name localhost;
-
- ssl_certificate cert.pem;
- ssl_certificate_key cert.key;
-
- ssl_session_cache shared:SSL:1m;
- ssl_session_timeout 5m;
-
- ssl_ciphers HIGH:!aNULL:!MD5;
- ssl_prefer_server_ciphers on;
-
- location / {
- root https;
- index index.html index.htm;
- }
- }
- [root@localhost nginx]# openssl genrsa > conf/cert.key
- Generating RSA private key, 2048 bit long modulus
- ...+++
- .+++
- e is 65537 (0x10001)
- openssl genrsa 命令是会用来生成 RSA 私有秘钥,不会生成公钥,因为公钥提取自私钥。生成时是可以指定私钥长度和密码保护。
- [root@localhost nginx]# openssl req -x509 -key conf/cert.key > conf/cert.pem
- -key:指定已有的秘钥文件生成秘钥请求
- req命令主要的功能有,生成证书请求文件, 查看验证证书请求文件,还有就是生成自签名证书
- -x509: 说明生成自签名证书,自签名证书又称为根证书,是自己颁发给自己的证书,即证书中的颁发者和主体名相同。
- You are about to be asked to enter information that will be incorporated
- into your certificate request.
- What you are about to enter is what is called a Distinguished Name or a DN.
- There are quite a few fields but you can leave some blank
- For some fields there will be a default value,
- If you enter '.', the field will be left blank.
- -----
- Country Name (2 letter code) [XX]:dc
- State or Province Name (full name) []:dc
- Locality Name (eg, city) [Default City]:dc
- Organization Name (eg, company) [Default Company Ltd]:dc
- Organizational Unit Name (eg, section) []:dc
- Common Name (eg, your name or your server's hostname) []:dc
- Email Address []:dc
- [root@localhost nginx]# mkdir https && echo "https-test~~" > https/index.html
- [root@localhost nginx]# sbin/nginx -s reload
- [root@localhost nginx]# curl -k https://192.168.99.5
- https-test~~