Detailed tutorial on setting up nginx features

Keywords: Operation & Maintenance CentOS Nginx security lamp

1, Access control

Authentication access based on user name and password
Server configuration

vim /usr/local/nginx/conf/nginx.conf

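Add the following under the location to be protected, taking the root location as an example

location / {
		root html;
		index index.html index.htm;
		#Add the following two lines
		auth_basic "welcome you here";
		#This password file is inside the web root (html); a path outside the web root keeps it from being served as content
		auth_basic_user_file /usr/local/nginx/html/a.psd;
	}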


Create the authentication file. The htpasswd command is provided by the httpd-tools package

cd /usr/local/nginx
#Replace USERNAME with the name of the user who is allowed access
htpasswd -c /usr/local/nginx/html/a.psd USERNAME


Allow a single address and deny the rest of its subnet

vim /usr/local/nginx/conf/nginx.conf

Add the following rules under location

allow 172.16.1.1;	#Allow this address
deny 172.16.1.0/24;	#Deny the rest of the 172.16.1.0/24 segment

Restart service

 /usr/local/nginx/sbin/nginx -t
 pkill -HUP nginx

Client access test
172.16.1.1

172.16.1.10
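
nginx checks allow and deny rules in the order written, the first match decides, and a client that matches no rule is allowed, so the two rules above still admit any address outside 172.16.1.0/24. The script below is an added example, not part of the original post, that models this evaluation for IPv4; the function names and the 10.0.0.5 client are constructed for illustration.

```shell
#!/bin/sh
# Added example: models how nginx walks allow/deny rules (IPv4 only).

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 is covered by $2 (an address, a CIDR block or "all").
in_net() {
    [ "$2" = all ] && return 0
    case $2 in
        */*) net=${2%/*}; bits=${2#*/} ;;
        *)   net=$2; bits=32 ;;
    esac
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    addr_int=$(ip_to_int "$1")
    net_int=$(ip_to_int "$net")
    [ $(( addr_int & mask )) -eq $(( net_int & mask )) ]
}

# Print "allow" or "deny" for a client. Rules are checked in the order
# given and the first match decides; with no match the request is allowed.
# Usage: check_access CLIENT_IP "allow 172.16.1.1" "deny 172.16.1.0/24" ...
check_access() {
    client=$1; shift
    for rule in "$@"; do
        if in_net "$client" "${rule#* }"; then
            echo "${rule%% *}"
            return 0
        fi
    done
    echo allow
}

# The two rules from this section, then the same rules closed by "deny all".
# 10.0.0.5 is a constructed client outside 172.16.1.0/24.
for ip in 172.16.1.1 172.16.1.10 10.0.0.5; do
    echo "$ip: $(check_access "$ip" "allow 172.16.1.1" "deny 172.16.1.0/24")"
done
result=$(check_access 10.0.0.5 "allow 172.16.1.1" "deny 172.16.1.0/24" "deny all")
echo "10.0.0.5 with a final deny all: $result"
```

Ending the rule list with deny all; makes the allow entries the only way in.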

2, Virtual host (domain name based)

In the main configuration file, add a separate server block for each domain name

vim /usr/local/nginx/conf/nginx.conf
	server {
		listen 80;
		server_name www.zcy.com;
		location / {
			root  html/zcy;
			index index.html index.htm index.php;
		}
	}
	
	server {
		listen 80;
		server_name www.qy.com;
		location / {
			root  html/qy;
			index index.html index.htm index.php;
		}
	}

Create the site directories and their index pages, and give nginx permission to read them

cd /usr/local/nginx/html
mkdir zcy
mkdir qy
echo "zcyzcyzcy~~~~~~~~~~" > zcy/index.html
echo "qyqyqy~~~~~~~~~~~~~" > qy/index.html

Restart service

/usr/local/nginx/sbin/nginx -t
pkill -HUP nginx

Client test

3, Domain name redirect (www.zcy.com -> www.qy.com)

Based on the above virtual host experiment

vim /usr/local/nginx/conf/nginx.conf

Add the redirect under the location of www.zcy.com

rewrite .*  http://www.qy.com permanent;


Restart service

 /usr/local/nginx/sbin/nginx -t
 pkill -HUP nginx

Client test

4, Implement https encryption

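Continue from section 3
Enable https access to www.qy.com
Generate the certificate

cd /usr/local/nginx/conf
#Create the server private key (RSA). 2048 bits is used because 1024-bit RSA is below current minimum key-size recommendations
openssl genrsa -out cert.key 2048
#Create a certificate signing request from the key
openssl req -new -key cert.key -out cert.csr
#Self-sign the request to produce a certificate valid for 365 days
openssl x509 -req -days 365 -sha256 -in cert.csr -signkey cert.key -out cert.pem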

Modify the main configuration file: change the server port to 443 and add the certificate configuration

vim /usr/local/nginx/conf/nginx.conf

Add the ssl configuration to the www.qy.com server block

		#The ssl parameter on listen enables TLS; it replaces the deprecated "ssl on;" directive
		listen 443 ssl;
		server_name www.qy.com;

		ssl_certificate  cert.pem;
		ssl_certificate_key  cert.key;

		ssl_session_cache    shared:SSL:1m;
		ssl_session_timeout  5m;

		ssl_ciphers  HIGH:!aNULL:!MD5;
		ssl_prefer_server_ciphers  on;


Restart service

/usr/local/nginx/sbin/nginx -t
pkill -HUP nginx

Client test


5, Port redirect (80 -> 443)

Continue from section 4
Automatically redirect http://www.qy.com to https://www.qy.com
Modify the main configuration file and add the following

vim /usr/local/nginx/conf/nginx.conf
	server {
        listen       80;
        server_name  www.qy.com;
        location / {
                rewrite .* https://www.qy.com permanent;
        }
   }


Restart service

/usr/local/nginx/sbin/nginx -t
pkill -HUP nginx

Client test



6, Extension: http2

Continue from section 5
nginx must have been built with the --with-http_v2_module parameter
Modify the main configuration file

vim /usr/local/nginx/conf/nginx.conf
	server{
		#Add ssl and http2 to the listen directive; the ssl parameter replaces the deprecated "ssl on;" directive
		listen 443 ssl http2;
		server_name www.qy.com;

		ssl_certificate  cert.pem;
		ssl_certificate_key  cert.key;

		ssl_session_timeout 5m;

		ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
		ssl_prefer_server_ciphers on;
		
		location / {
            root  html/qy;
            index index.html index.htm index.php;
		}
	}


Restart test

/usr/local/nginx/sbin/nginx -t
pkill -HUP nginx

7, Reverse proxy

This experiment builds on the virtual host setup
In the main configuration file, add proxy_pass with the site to be proxied under the corresponding location

vim /usr/local/nginx/conf/nginx.conf
	server{
		#... other configuration
		location / {
			#Fill in the IP address of the real server here to proxy other hosts
			#You can also fill in other local domain names to jump
			proxy_pass http://172.16.1.20:80;			
		}
	}


Restart service

 /usr/local/nginx/sbin/nginx -t
 pkill -HUP nginx

Back-end real server

yum -y install httpd
echo welcome to 172.16.1.20 >/var/www/html/index.html
systemctl start httpd

test machine
Access the IP or domain name of the machine where nginx is located, and the interface content in Apache appears

8, Load balancing

Continue from section 7
In the main configuration file, define an upstream group and point proxy_pass at it under the corresponding location

vim /usr/local/nginx/conf/nginx.conf
	#This upstream block is added before the server block
	upstream zcy {		
       #The greater the weight, the more times it is accessed
		server 172.16.1.20:80 weight=1;
		server 172.16.1.30:80 weight=1;
	}
	
	server {
		listen 80;
		server_name www.zcy.com;
		location / {
			proxy_pass http://zcy;	
			proxy_set_header Host $host;		
		}
	}


Restart service

 /usr/local/nginx/sbin/nginx -t
 pkill -HUP nginx

Configure the real proxy server
172.16.1.20

yum -y install httpd
echo welcome to 172.16.1.20 >/var/www/html/index.html
systemctl start httpd

172.16.1.30

yum -y install httpd
echo welcome to 172.16.1.30 >/var/www/html/index.html
systemctl start httpd

Client test
After requesting www.zcy.com several times, you can see that the responses come alternately from 172.16.1.20 and 172.16.1.30
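
The alternation seen in the client test, and the effect of the weight parameter, follow from smooth weighted round-robin selection, the method nginx uses when the upstream block names no other balancing directive. The script below is an added example, not part of the original post, that models that selection; the wrr_sequence function and the 3:1 weights are constructed for illustration, and failure handling is left out.

```shell
#!/bin/sh
# Added example: model of smooth weighted round-robin peer selection.

# Print the peer chosen for each of N requests, one per line.
# Usage: wrr_sequence N address=weight [address=weight ...]
wrr_sequence() {
    n=$1; shift
    printf '%s\n' "$@" | awk -F= -v n="$n" '
        # Load the peers: address, configured weight, running weight.
        { addr[NR] = $1; weight[NR] = $2; cur[NR] = 0; total += $2 }
        END {
            for (r = 1; r <= n; r++) {
                best = 0
                for (i = 1; i <= NR; i++) {
                    # Every peer gains its own weight on each request.
                    cur[i] += weight[i]
                    # Strictly greater: on a tie the earlier peer wins.
                    if (best == 0 || cur[i] > cur[best]) best = i
                }
                # The chosen peer gives back the sum of all weights.
                cur[best] -= total
                print addr[best]
            }
        }'
}

# The weights from this section (1:1), then constructed weights of 3:1.
echo "weights 1:1: $(wrr_sequence 4 172.16.1.20:80=1 172.16.1.30:80=1 | tr '\n' ' ')"
echo "weights 3:1: $(wrr_sequence 4 172.16.1.20:80=3 172.16.1.30:80=1 | tr '\n' ' ')"
```

With weights 3:1 the heavier server answers three of every four requests, and the lighter one is interleaved rather than left to the end of the cycle.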

Posted by sawade on Sat, 25 Sep 2021 18:07:10 -0700