Nginx搭建，访问控制

一、Nginx

1.优点

1)多并发数：30000 - 50000

2)网易、腾讯等

3)新闻、论坛等

4)静态网页

5)轻量级

6)nginx+tomcat：负载均衡

Apache：模块化设计

特点：

1)多并发数：30000-50000

2)模块较少(缓存、群集)

3)轻量化(工作模式event)

二、Nginx

源代码

1.安装软件包

1)rm -rf /etc/yum.repos.d/*

2)vim /etc/yum.repos.d/local.repo

[name] name=local baseurl=file:///mnt gpgcheck=0 enable=1

3)yum -y install lrzsz //安装软件包，支持鼠标上传文件

4)yum -y install pcre-devel //支持地址重写功能(防盗链)

5)useradd -M -s /sbin/nologin nginx //新建运行用户

6)tar -zxvf nginx-1.6.0.tar.gz -C /usr/src/ //解压nginx源码包

7)cd /usr/src/nginx-1.6.0/ //进入nginx源码解压目录

8)./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module

详解：

--user：指定运行用户

--group：指定运行组

--with-http_stub_status_module：启用状态统计模块支持

8)make && make install

2.修改配置文件

vim /usr/local/nginx/conf/nginx.conf //编辑nginx主配置文件

user nobody nginx; //指定Nginx运行用户和组 worker_processes 1; //启动进程数(根据物理CPU个数设置) error_log logs/error.log info; //定义错误日志，记录级别为info(信息)

pid logs/nginx.pid; //指定PID文件（存储程序进程号）位置

events { use epoll; //使用epoll网络I/O模型，优化Nginx worker_connections 1024; //每个工作进程允许最大的同时连接数 }

http { include mime.types;

//额外加载该文件(mime.types内定义各文件类型映像，如image/png png；png格式文件为图片类型;主要用于识别文件类型，什么类型使浏览器用什么方式呈现)

default_type  application/octet-stream;	//默认响应为文件流

access_log  logs/access.log  main;			//指定所有站点访问日志存放路径

sendfile        on;					//打开系统函数sendfile()提高性能
tcp_nopush     on;					//sendfile开启后才生效，调用tcp_cork方法
#keepalive_timeout  0;
keepalive_timeout  65;				//会话保持时间，指定时间内客户端无访问请求，断开连接，需连接时重新请求

gzip  on;						//网页压缩

server {
    listen       80;					//定义服务器监听端口
    server_name  localhost;					//定义服务器名及监听IP

    charset utf-8;					//网站的字符编码

    access_log  logs/host.access.log  main;		//指定当前站点访问日志存放路径
    location / {						////匹配客户端所有请求，执行如下操作
        root   html;					//网页存放目录
        index  index.html index.htm;			//Nginx首页支持页面
    }


    error_page   500 502 503 504  /50x.html;
    location = /50x.html {					//错误页面

    }

}

}

3.启动服务

1)ln -s /usr/local/nginx/sbin/* /usr/local/sbin/ 或echo "PATH=$PATH:/usr/local/nginx/sbin/" >>/etc/profile && source /etc/profile

//将命令做软链接或加入到PATH环境变量，方便命令执行

2)vim /etc/init.d/nginx

#!/bin/bash

chkconfig: - 99 20

description: Nginx Server Control Script

NP="/usr/local/nginx/sbin/nginx" NPF="/usr/local/nginx/logs/nginx.pid" case "$1" in start) $NP; if [ $? -eq 0 ] then echo "nginx is starting!! " fi ;; stop) kill -s QUIT $(cat $NPF) if [ $? -eq 0 ] then echo "nginx is stopping!! " fi ;; restart) $0 stop $0 start ;; reload) kill -s HUP $(cat $NPF) if [ $? -eq 0 ] then echo "nginx config file is reload! " fi ;; *) echo "Usage: $0 {start|stop|restart|reload}" exit 1 esac exit 0

3)chmod +x /etc/init.d/nginx

4)/etc/init.d/nginx start && chkconfig --level 35 nginx on

5)nginx -t //检查配置文件是否有误

4.增加状态统计支持

1)vim /usr/local/nginx/conf/nginx.conf

location  /status {			//在server下添加如下行
    stub_status on;
    access_log off;
}

2)/etc/init.d/nginx restart

3)http://192.168.1.10/status

5.aws状态统计页面

1)awstats部署

tar -zxvf awstats-7.3.tar.gz //解压

mv awstats-7.3 /usr/local/awstats //移动并重命名为/usr/local/awstats目录

chown -R root:root /usr/local/awstats //设置目录所有者及所有组为root用户

chmod -R 755 /usr/local/awstats/ //给予所有者完整权限

chmod +x /usr/local/awstats/tools/*.pl //给予所有以.pl结尾的文件所有人拥有执行权限

chmod +x /usr/local/awstats/wwwroot/cgi-bin/*.pl //给予所有以.pl结尾的文件所有人拥有执行权限

2)awstats配置

cd /usr/local/awstats/tools/

./awstats_configure.pl //生成配置文件及目录(y-->none-->y-->主机名-->回车-->回车)

vim /etc/awstats/awstats.www.xueluo.org.conf //编辑生成的配置文件

50 LogFile="/usr/local/nginx/logs/access.log" //修改Nginx访问日志路径

mkdir /var/lib/awstats //创建图表存放目录

/usr/local/awstats/wwwroot/cgi-bin/awstats.pl --update --config=www.xueluo.org //根据日志生成图表

3)生成html静态页面

mkdir /usr/local/nginx/html/awstats //创建静态页面存放目录

./awstats_buildstaticpages.pl --update --config=www.xueluo.org --lang=cn --dir=/usr/local/nginx/html/awstats/

//根据配置文件生成中文的html静态文件到/usr/local/nginx/html/awstats/

vim /usr/local/nginx/conf/nginx.conf

39 location ~ ^/awstats { 40 root /usr/local/nginx/html/awstats; 41 index index.html; 42 } 43 44 location ~ ^/icon|/css|/js|/classess { 45 root /usr/local/awstats/wwwroot/; 46 }

crontab -e //新建计划任务，每隔5分钟生成图表并转换为html文件

*/5 * * * * /usr/local/awstats/wwwroot/cgi-bin/awstats.pl --update --config=www.xueluo.org && /usr/local/awstats/tools/awstats_buildstaticpages.pl --update --config=www.xueluo.org --lang=cn --dir=/usr/local/nginx/html/awstats/  

4)访问

http://IP/awstats.www.xueluo.org.html 一、访问控制

1.生成密码认证文件(htpasswd) yum -y install httpd-tools

1)rm -rf /etc/yum.repos.d/*

2)vim /etc/yum.repos.d/local.repo

[local] name=local baseurl=file:///mnt gpgcheck=0

3)mount /dev/cdrom /mnt

4)yum -y install httpd-tools

5)htpasswd -c /usr/local/nginx/conf/.hehe hehe

6)chown nginx /usr/local/nginx/conf/.hehe && chmod 400 /usr/local/nginx/conf/.hehe

2.修改配置文件，添加认证选项

1)vim /usr/local/nginx/conf/nginx.conf

location /status { //Server配置项下增加 stub_status on; access_log off; auth_basic "secret"; //基本认证 auth_basic_user_file /usr/local/nginx/conf/.hehe; //指定用户认证配置文件路径 }

3.重启服务，测试

1)/etc/init.d/nginx restart

二、虚拟主机

1.实现方式

1)基于域名：不同域名、相同IP、相同端口

2)基于IP：不同域名、不同IP、相同端口

3)基于端口：不同域名、不同IP、不同端口

三、基于域名

1.DNS搭建

1)安装bind软件包

rm -rf /etc/yum.repos.d/*

vim /etc/yum.repos.d/local.repo

[local] name=local baseurl=file:///mnt gpgcheck=0

mount /dev/cdrom /mnt

yum -y install bind bind-utils

2)编辑配置文件

vim /etc/named.conf

options { listen-on port 53 { 192.168.1.10; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursion yes;

dnssec-enable no;
dnssec-validation no;

}

zone "xueluo.org" IN { type master; file "xueluo.org.zone"; };

cp /var/named/named.empty /var/named/xueluo.org.zone

vim /var/named/xueluo.org.zone

$TTL 86400 @ IN SOA xueluo.org. root.xueluo.org. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum IN NS ns.xueluo.org. ns IN A 192.168.1.10 www IN A 192.168.1.10 image IN A 192.168.1.10

3)启动服务并测试

chown named:named /var/named/xueluo.org.zone

/etc/init.d/named restart

2.编辑nginx配置文件

1)vim /usr/local/nginx/conf/nginx.conf

111 server { 112 listen 80; 113 server_name www.xueluo.org; 114 115 location / { 116 root /usr/local/nginx/html/www; 117 index index.html; 118 } 119 }

121 server { 122 listen 80; 123 server_name image.xueluo.org; 124 125 location / { 126 root /usr/local/nginx/html/image; 127 index index.html; 128 } 129 }

2)mkdir /usr/local/nginx/html/www && mkdir /usr/local/nginx/html/image

3)echo "www is www" >/usr/local/nginx/html/www/index.html

4)echo "image is image" >/usr/local/nginx/html/image/index.html

3.启动服务

1)nginx -t //验证配置文件是否有误

2)/etc/init.d/nginx restart

四、基于IP

1.DNS搭建

1)安装bind软件包

rm -rf /etc/yum.repos.d/*

vim /etc/yum.repos.d/local.repo

[local] name=local baseurl=file:///mnt gpgcheck=0

mount /dev/cdrom /mnt

yum -y install bind bind-chroot bind-utils

2)编辑配置文件

vim /etc/named.conf

options { listen-on port 53 { 192.168.1.10; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursion yes;

dnssec-enable no;
dnssec-validation no;

}

zone "xueluo.org" IN { type master; file "xueluo.org.zone"; };

cp /var/named/named.empty /var/named/xueluo.org.zone

vim /var/named/xueluo.org.zone

$TTL 86400 @ IN SOA xueluo.org. root.xueluo.org. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum IN NS ns.xueluo.org. ns IN A 192.168.1.10 www IN A 192.168.1.10 image IN A 192.168.1.11

3)启动服务并测试

ifconfig eth0:0 192.168.1.11

chown named:named /var/named/xueluo.org.zone

/etc/init.d/named restart

nslookup www.xueluo.org && nslookup image.xueluo.org

2.编辑nginx配置文件

1)vim /usr/local/nginx/conf/nginx.conf

36 listen 81; //将默认监听端口换位81

111 server { 112 listen 192.168.1.10:80; 113 server_name www.xueluo.org; 114 115 location / { 116 root /usr/local/nginx/html/www; 117 index index.html; 118 } 119 }

121 server { 122 listen 192.168.1.20:80; 123 server_name image.xueluo.org; 124 125 location / { 126 root /usr/local/nginx/html/image; 127 index index.html; 128 } 129 }

2)mkdir /usr/local/nginx/html/www && mkdir /usr/local/nginx/html/image

3)echo "www is www" >/usr/local/nginx/html/www/index.html

4)echo "image is image" >/usr/local/nginx/html/image/index.html

3.启动服务

1)nginx -t //验证配置文件是否有误

2)/etc/init.d/nginx restart

五、基于端口

1.DNS搭建

1)安装bind软件包

rm -rf /etc/yum.repos.d/*

vim /etc/yum.repos.d/local.repo

[local] name=local baseurl=file:///mnt gpgcheck=0

mount /dev/cdrom /mnt

yum -y install bind bind-chroot bind-utils

2)编辑配置文件

vim /etc/named.conf

options { listen-on port 53 { 192.168.1.10; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursion yes;

dnssec-enable no;
dnssec-validation no;

}

zone "xueluo.org" IN { type master; file "xueluo.org.zone"; };

cp /var/named/named.empty /var/named/xueluo.org.zone

vim /var/named/xueluo.org.zone

$TTL 86400 @ IN SOA xueluo.org. root.xueluo.org. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum IN NS ns.xueluo.org. ns IN A 192.168.1.10 www IN A 192.168.1.10 image IN A 192.168.1.11

3)启动服务并测试

ifconfig eth0:0 192.168.1.11

chown named:named /var/named/xueluo.org.zone

/etc/init.d/named restart

nslookup www.xueluo.org && nslookup image.xueluo.org

2.编辑nginx配置文件

1)vim /usr/local/nginx/conf/nginx.conf

36 listen 81; //将默认监听端口换位81

111 server { 112 listen 192.168.1.10:82; 113 server_name www.xueluo.org; 114 115 location / { 116 root /usr/local/nginx/html/www; 117 index index.html; 118 } 119 }

121 server { 122 listen 192.168.1.20:83; 123 server_name image.xueluo.org; 124 125 location / { 126 root /usr/local/nginx/html/image; 127 index index.html; 128 } 129 }

2)mkdir /usr/local/nginx/html/www && mkdir /usr/local/nginx/html/image

3)echo "www is www" >/usr/local/nginx/html/www/index.html

4)echo "image is image" >/usr/local/nginx/html/image/index.html

3.启动服务

1)nginx -t //验证配置文件是否有误

2)/etc/init.d/nginx restart