LNMP架构虚拟主机配置、用户认证及域名重定向

11月26日任务
12.6 Nginx安装

http://www.javashuo.com/article/p-kmiwnqmu-d.html 
12.7 默认虚拟主机
12.8 Nginx用户认证
12.9 Nginx域名重定向

 

配置nginx虚拟主机

• 修改nginx主配置文件

[root@localhost nginx-1.12.2]# vim /usr/local/nginx/conf/nginx.conf
# 删除原有的server语句块，替换为下面的代码

include vhost/*.conf;

• 建立并修改虚拟主机配置文件（默认虚拟主机）

[root@localhost nginx-1.12.2]# cd /usr/local/nginx/conf
[root@localhost conf]# mkdir vhost
[root@localhost conf]# cd vhost/
[root@localhost vhost]# vim aaa.com.conf
server
{
    # 指定监听80端口，并将该虚拟主机设置为默认虚拟主机
    listen 80 default_server;
    
    # 设置服务器的名称
    server_name aaa.com;
    
    # 设置服务器默认网页
    index index.html index.htm index.php;
    
    # 设置服务器的根目录
    root /data/www/default;
}

• 建立默认虚拟主机的根目录及默认页面

[root@localhost vhost]# mkdir -p /data/www/default
[root@localhost vhost]# cd /data/www/default/

[root@localhost default]# vim index.html
aaa.com

• 检测代码并重启服务

[root@localhost default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost default]# /usr/local/nginx/sbin/nginx -s reload

• 效果测试

[root@localhost default]# curl -x 127.0.0.1:80 aaa.com
aaa.com

# 因为是默认的虚拟主机，任何域名均可以显示默认网页信息
[root@localhost default]# curl -x 127.0.0.1:80 bbb.com
aaa.com

nginx用户认证

nginx中一个虚拟主机对于一个配置文件

• 建立新的虚拟主机配置文件

[root@localhost default]# vim /usr/local/nginx/conf/vhost/test.com.conf 
server
{
    # 这个不是默认虚拟主机，default_server不须要配置
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/www/test.com;
    
    # 添加下列代码
    location /
        {
	    auth_basic "Auth";
	    auth_basic_user_file /usr/local/nginx/conf/htpasswd;
	}
}

• 建立test.com相关目录和文件

[root@localhost default]# mkdir /data/www/test.com
[root@localhost default]# vim /data/www/test.com/index.html
test.com

• 建立密码文件 因为用户认证密码文件须要使用apache的htpasswd命令生成，安装httpd，并建立用户

[root@localhost default]# yum install -y httpd
[root@localhost default]# htpasswd -c /usr/local/nginx/conf/htpasswd test
New password: 
Re-type new password: 
Adding password for user test

• 重启服务

[root@localhost default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost default]# /usr/local/nginx/sbin/nginx -s reload

• 测试效果

# 普通访问
[root@localhost default]# curl -x 127.0.0.1:80 test.com -I
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.2
Date: Sun, 31 Dec 2017 06:55:24 GMT
Content-Type: text/html
Content-Length: 195
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"

# 指定用户访问
[root@localhost default]# curl -x 127.0.0.1:80 -utest:1 test.com -I 
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Sun, 31 Dec 2017 06:55:33 GMT
Content-Type: text/html
Content-Length: 8
Last-Modified: Sun, 31 Dec 2017 06:17:09 GMT
Connection: keep-alive
ETag: "5a4880e5-8"
Accept-Ranges: bytes
[root@localhost default]# curl -x 127.0.0.1:80 -utest:1 test.com 
test.com

针对虚拟主机下的某个目录进行认证

• 修改代码 针对某个目录进行的认证，只需对上述的代码进行简单修改便可；

[root@localhost default]# vim /usr/local/nginx/conf/vhost/test.com.conf 
server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/www/test.com;
    
    # 修改location便可,其余都不变
    location /admin/
        {
	    auth_basic "Auth";
	    auth_basic_user_file /usr/local/nginx/conf/htpasswd;
	}
}

• 重启服务

[root@localhost default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost default]# /usr/local/nginx/sbin/nginx -s reload

• 验证

# test.com能够访问
[root@localhost default]# curl -x 127.0.0.1:80  test.com
test.com

# test.com下的admin目录须要用户认证
[root@localhost default]# curl -x 127.0.0.1:80  test.com/admin/
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>

针对虚拟主机下的某个文件（访问的URL）进行认证

*( 修改虚拟主机配置文件（使用~匹配文件）

[root@localhost default]# vim /usr/local/nginx/conf/vhost/test.com.conf 
server
{
    listen 80;
    server_name test.com;
    index index.html index.htm index.php;
    root /data/www/test.com;
    
    # 修改location便可,其余都不变,这里匹配admin.php只是对简单的表示
    # 能够使用更复杂的正则来显示精准的文件认证
    location ~ admin.php
        {
	    auth_basic "Auth";
	    auth_basic_user_file /usr/local/nginx/conf/htpasswd;
	}
}

• 重启服务

[root@localhost default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost default]# /usr/local/nginx/sbin/nginx -s reload

• 验证

[root@localhost default]# curl -x 127.0.0.1:80  test.com/admin.php<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>

域名重定向

• 修改虚拟主机配置文件

[root@localhost default]# vim /usr/local/nginx/conf/vhost/test.com.conf
server
{
    listen 80;
    
    # nginx能够配置多个主机名，apache只能使用ServerAlias来指定别名
    server_name test.com test2.com;
    index index.html index.htm index.php;
    root /data/www/test.com;
    
    # 在多个域名
    # 判断host是否为test.com
    if ($host != 'test.com') {
	rewrite ^/(.*)$ http://test.com/$1 permanent;
    }
}

• 重启服务

[root@localhost default]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost default]# /usr/local/nginx/sbin/nginx -s reload

• 验证

[root@localhost default]# curl -x 127.0.0.1:80 test2.com/index.html
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[root@localhost default]# curl -x 127.0.0.1:80 test2.com/admin/index.html
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
[root@localhost default]# curl -x 127.0.0.1:80 test3.com/index.html
aaa.com