LNMP环境下Nginx配置
PC端可以访问
https://www.liuluanyi.cn
接着之前发布的LNMP环境搭建环境下介绍Nginx配置。
默认虚拟主机
在早期的Linux服务器上,一个服务器只能运行一个网站,也就是只能跑一个域名。但随着技术的发展,一个服务器上可以跑多个域名了,这样可以帮我们节省了成本。其实这里的服务器就叫做主机,早期一个主机只能跑一个站点,而现在不同了,一个主机可以跑多个站点,多以就有了虚拟主机的概念。“虚拟主机”的概念说明白了,我想大家应该就知道默认虚拟主机的一次概念了。通俗的说就是:任何一个域名指向这台服务器,只要是没有对应的虚拟主机,就会由这个默认虚拟默认虚拟主机来处理。
在Nginx中,第一个被Nginx加载的虚拟主机就是默认主机,它通常有一个配置用来标记默认虚拟主机。也就是说,如果没有这个标记,第一个虚拟主机为默认虚拟主机。
一般情况下,我们都会选择新建一个虚拟主机文件夹,用来配置虚拟主机的配置文件。所以要对主配置文件nginx.conf做一下修改。在最后一个}上面加入一行配置,如下:
include vhost/*.conf
}
上面的代码的意思是:把/usr/local/nginx/conf/vhost/下面的所有以.conf结尾的文件都会被加载。
初步进行配置:
# mkdir /usr/local/nginx/conf/vhost
# cd /usr/local/nginx/conf/vhost
# vim default.conf //在文件中写入如下内容
default.conf的文件内容
server
{
listen 80 default_server; //有这个default_server标记的就是默认虚拟主机
server_name liutest.com;
index index.html index.htm index.php;
root /data/nginx/default;
}
进行测试
检测&重新加载配置
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
创建索引页并访问测试
# echo "default_server" > /data/nginx/default/index.html //创建索引页
# curl -x127.0.0.1:80 liutest.com //访问liutest.com
default_server
# curl -x127.0.0.1:80 liu.com //访问一个不存在的liu.com
default_server
用户认证
# cd /usr/local/nginx/conf/vhost
# vim test.com.conf //加入以下内容
test.com.conf文件内容
server
{
listen 80;
server_name test.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
location /
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
}
代码中auth_basic表示打开认证,auth_basic_user_file表示指定用户密码文件。
注意:需要httpd环境,如果未下载可使用下面命令安装:
# yum install httpd -y
创建liu用户
# htpasswd -c /usr/local/nginx/conf/htpasswd liu
New password:
Re-type new password:
Adding password for user liu
检测&重新加载配置
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
构建一个网页并访问测试:
# mkdir /data/nginx/test.com
# echo "test.com" > /data/nginx/test.com/index.html
# curl x127.0.0.1:80 test.com -I
curl: (7) Failed connect to x127.0.0.1:80; 拒绝连接
HTTP/1.1 401 Unauthorized
Server: nginx/1.8.0
Date: Sun, 28 Jul 2019 13:25:17 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
WWW-Authenticate: Basic realm="Auth"
注意:状态码为401,说明该网站需要认证
域名重定向
在Nginx配置中,server_name后面可以跟多个域名,permanent为永远重定向,相当于httpd的R=301另外还有一个常用的redirect,相当于httpd的R=302。新建一个nginx_rewrite.conf文件
# mkdir /usr/local/nginx/conf/vhost/nginx_rewrite.conf
把以下内容写入文件中:
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
}
检测&重新加载配置
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
进行访问测试:
# curl -x127.0.0.1:80 test1.com/test.txt -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.8.0
Date: Sun, 28 Jul 2019 13:43:55 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: http://test.com/test.txt
Nginx的访问日志
先查看主配置文件nginx.conf中的日志格式:
使用如下命令行:
# grep -A2 log_format /usr/local/nginx/conf/nginx.conf
log_format liulog '$remote_addr $http_x_forwarded_for [$time_local]'
' $host "$request_uri" $status'
' "$http_referer" "$http_user_agent"';
变量名 | 解释 |
|---|---|
$remote_addr | 客户端IP(公网IP) |
$http_x_forwarded_for | 代理服务器的IP |
$time_local | 服务器本地时间 |
$host | 访问主机名(域名) |
$request_uri | 访问的url地址 |
$status | 状态码 |
$http_referer | 访问前的源地址 |
$http_user_agent | 用户代理 |
其中liulog自己定义的在nginx.conf中定义的日志格式名字。
然后再把虚拟主机配置文件中指定访问日志的路径:新建一个nginx_rewrite.conf文件
# mkdir /usr/local/nginx/conf/vhost/nginx_log.conf
把以下内容写入文件中:
server
{
listen 80;
server_name test.com test1.com test2.com;
index index.html index.htm index.php;
root /data/nginx/test.com;
if ($host != 'test.com' ) {
rewrite ^/(.*)$ http://test.com/$1 permanent;
}
access_log /tmp/11.log liulog;
}
检测&重新加载配置
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
进行访问测试:
# curl -x127.0.0.1:80 test.com/liu
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
[root@liu-server vhost]# cat /tmp/11.log
127.0.0.1 - [28/Jul/2019:21:59:58 +0800] test.com "/liu" 404 "-" "curl/7.29.0"
Nginx防盗链
对test.com.conf文件进行修改:把原先做认证的部分:
location /
{
auth_basic "Auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
}
替换成:
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)$
{
expires 7d;
valid_referers none blocked server_names *.test.com ;
if ($invalid_referer) {
return 403;
}
access_log off;
}
检测&重新加载配置
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
首先在/data/nginx/test.com/下面创建一个JPG文件。
# echo "liu.jpg" > /data/nginx/test.com/liu.jpg
进行访问测试:
# curl -x127.0.0.1:80 -I -e "http://liutest.com/11.txt" test.com/liu.png
HTTP/1.1 403 Forbidden
Server: nginx/1.8.0
Date: Sun, 28 Jul 2019 14:19:42 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
用test.com进行访问:
# curl -x127.0.0.1:80 -I -e "http://test.com/11.txt" test.com/liu.png
HTTP/1.1 200 OK
Server: nginx/1.8.0
Date: Sun, 28 Jul 2019 14:20:10 GMT
Content-Type: image/png
Content-Length: 8
Last-Modified: Sun, 28 Jul 2019 14:17:13 GMT
Connection: keep-alive
ETag: "5d3dae69-8"
Expires: Sun, 04 Aug 2019 14:20:10 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
根据max-age=604800,可以知道png默认缓存7天。
根据上面的测试结果,我们不仅可以看到有过期时间,还有防盗链的功能。