I. Static pages
Apache's httpd must be stopped first.
[root@localhost conf]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd(8)
man:apachectl(8)
1. Change the page content
Find the html directory inside your nginx installation directory and edit index.html.
[root@localhost html]# pwd
/usr/local/src/nginx-1.22.0/html
[root@localhost html]# cat index.html
<h1>nginx</h1>
2. Edit the configuration file
This is the nginx.conf file in the nginx installation directory.
[root@localhost conf]# pwd
/usr/local/src/nginx-1.22.0/conf
[root@localhost conf]# vim nginx.conf
Locate the server block, then change the document root and specify the index file.
server {
    listen 80;
    server_name localhost;
    #charset koi8-r;
    #access_log logs/host.access.log main;
    location / {
        root /usr/local/src/nginx-1.22.0/html; # directory that holds your html files
        index index.html; # if your page file has a different name, change this to match
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
[root@localhost conf]# systemctl restart nginx
3. Test
II. Virtual host configuration
1. IP-based
(1) Create new directories under the html directory to hold the test files
[root@localhost html]# ll
total 8
-rw-r--r-- 1 1001 1001 497 May 24 2022 50x.html
-rw-r--r-- 1 1001 1001 15 Aug 10 10:13 index.html
drwxr-xr-x 2 root root 43 Aug 10 11:53 ip
drwxr-xr-x 2 root root 6 Aug 10 11:51 port
[root@localhost html]# pwd
/usr/local/src/nginx-1.22.0/html
[root@localhost html]# cat ip/index.html ip/index1.html
190
195
(2) Edit nginx.conf and configure two server blocks in the http block, one for each IP
server {
    listen 192.168.2.190;
    location / {
        root /usr/local/src/nginx-1.22.0/html/ip;
        index index.html index.htm;
    }
}
server {
    listen 192.168.2.195;
    location / {
        root /usr/local/src/nginx-1.22.0/html/ip;
        index index1.html index.htm;
    }
}
[root@localhost conf]# systemctl restart nginx
(3) Test
2. Port-based
(1) Create the test pages
[root@localhost html]# cat port/index.html port/index1.html
8090
8099
(2) Likewise, add server blocks in the http block; note the changed root directory
server {
    listen 8090;
    location / {
        root /usr/local/src/nginx-1.22.0/html/port;
        index index.html index.htm;
    }
}
server {
    listen 8099;
    location / {
        root /usr/local/src/nginx-1.22.0/html/port;
        index index1.html index.htm;
    }
}
[root@localhost conf]# systemctl restart nginx
(3) Test
3. Name-based (domain name)
(1) Starting from the IP-based configuration above, just add a server_name line
server {
    listen 192.168.2.190;
    server_name www.aabb.com;
    location / {
        root /usr/local/src/nginx-1.22.0/html/ip;
        index index.html index.htm;
    }
}
server {
    listen 192.168.2.195;
    server_name www.llss.com;
    location / {
        root /usr/local/src/nginx-1.22.0/html/ip;
        index index1.html index.htm;
    }
}
[root@localhost conf]# systemctl restart nginx
(2) Edit the /etc/hosts file
Linux
[root@localhost conf]# vim /etc/hosts
192.168.2.190 www.aabb.com
192.168.2.195 www.llss.com
Windows
Edit the hosts file with notepad from PowerShell
Windows PowerShell
版权所有(C) Microsoft Corporation。保留所有权利。
安装最新的 PowerShell,了解新功能和改进!https://aka.ms/PSWindows
PS C:\WINDOWS\system32> cd .\drivers\etc\
PS C:\WINDOWS\system32\drivers\etc> notepad .\hosts
PS C:\WINDOWS\system32\drivers\etc>
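(3) Test
III. nginx error log and access log configuration
1. Specify the log type and the log file location in the server block
2. After testing both sites, check the logs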
[root@localhost logs]# cat access.log
192.168.2.2 - - [10/Aug/2023:14:06:00 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.200"
192.168.2.2 - - [10/Aug/2023:14:06:00 +0800] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.2.190/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.200"
[root@localhost logs]# cat error.log
2023/08/10 14:06:00 [error] 59751#59751: *1 open() "/usr/local/src/nginx-1.22.0/html/ip/favicon.ico" failed (2: No such file or directory), client: 192.168.2.2, server: www.aabb.com, request: "GET /favicon.ico HTTP/1.1", host: "192.168.2.190", referrer: "http://192.168.2.190/"
[root@localhost logs]# pwd
/usr/local/src/nginx-1.22.0/logs
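IV. Host-based access control
1. Edit nginx.conf
Edit the location block inside the server block. deny forbids access from the given host and allow permits it; all can be used to deny or allow everyone. Note that the rules are matched in order from top to bottom and the first match wins, so the example below allows every host except 2.191.
server {
    listen 192.168.2.190;
    server_name www.aabb.com;
    error_log /usr/local/src/nginx-1.22.0/logs/error.log;
    access_log /usr/local/src/nginx-1.22.0/logs/access.log;
    location / {
        root /usr/local/src/nginx-1.22.0/html/ip;
        index index.html index.htm;
        deny 192.168.2.191;
        allow all;
        #deny 192.168.2.0/24; a whole subnet can be specified too (it must come before "allow all" to take effect)
    }
}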
[root@localhost conf]# systemctl restart nginx.service
2. Test from other hosts
(1) Host 191
[root@localhost ~]# ip a | grep ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.2.191/24 brd 192.168.2.255 scope global noprefixroute ens33
[root@localhost ~]# curl 192.168.2.190
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.22.0</center>
</body>
</html>
(2) Host 180
[root@localhost ~]# ip a | grep ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 192.168.2.180/24 brd 192.168.2.255 scope global noprefixroute ens160
[root@localhost ~]# curl 192.168.2.190
190
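The first-match rule described in step 1 can be checked offline. The following is an added example, not part of the original page: a simplified Python model of how an allow/deny list is evaluated, run against the page's rule order, the reversed order, and a constructed subnet rule with one exception. The function names and the two extra rule lists are assumptions made for illustration.

```python
import ipaddress

# Rule lists as they would appear inside a location block.
PAGE_ORDER = """
deny 192.168.2.191;
allow all;
#deny 192.168.2.0/24;
"""
REVERSED = """            # constructed: same rules, wrong order
allow all;
deny 192.168.2.191;
"""
SUBNET_WITH_EXCEPTION = """   # constructed: block the subnet except host 180
allow 192.168.2.180;
deny 192.168.2.0/24;
allow all;
"""

def parse_rules(text):
    """Return (action, network) pairs in file order; network is None for 'all'."""
    rules = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].strip().rstrip(";").split()
        if len(parts) == 2 and parts[0] in ("allow", "deny"):
            net = None if parts[1] == "all" else ipaddress.ip_network(parts[1], strict=False)
            rules.append((parts[0], net))
    return rules

def status_for(client_ip, text):
    """HTTP status for a client: the first rule that matches decides."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in parse_rules(text):
        if net is None or addr in net:
            return 200 if action == "allow" else 403
    return 200  # no rule matched, so access is not restricted

if __name__ == "__main__":
    for name, rules in [("page order", PAGE_ORDER), ("reversed", REVERSED),
                        ("subnet with exception", SUBNET_WITH_EXCEPTION)]:
        for ip in ("192.168.2.191", "192.168.2.180"):
            print(f"{name:22} {ip:14} -> {status_for(ip, rules)}")
```

With the reversed list, host 191 gets 200 because "allow all" matches before the deny line is ever reached.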
V. User-based access control
1. Edit nginx.conf
server {
    listen 192.168.2.190;
    server_name www.aabb.com;
    error_log /usr/local/src/nginx-1.22.0/logs/error.log;
    access_log /usr/local/src/nginx-1.22.0/logs/access.log;
    location / {
        root /usr/local/src/nginx-1.22.0/html/ip;
        index index.html index.htm;
        allow all;
        auth_basic "here"; # add these two lines; this string appears in the prompt shown on the first visit to the nginx site
        auth_basic_user_file /usr/local/src/nginx-1.22.0/conf/webck; # path to the password file
    }
}
[root@localhost conf]# pwd
/usr/local/src/nginx-1.22.0/conf
[root@localhost conf]# ll | grep webck
-rw-r--r-- 1 root root 22 Aug 10 18:54 webck
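2. Use htpasswd to create the password file for the user, writing to the webck file specified above
The -d option selects the traditional crypt() algorithm, which truncates the password to 8 characters, as the warning in the output below shows. Without -d, htpasswd uses its default apr1 (MD5-based) format, which nginx also accepts.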
[root@localhost conf]# htpasswd -c -d /usr/local/src/nginx-1.22.0/conf/webck sulibao
New password:
Re-type new password:
Warning: Password truncated to 8 characters by CRYPT algorithm.
Adding password for user sulibao
[root@localhost conf]# cat webck
sulibao:8sWMglgDCLsGQ #the password is stored as a hash
[root@localhost conf]# systemctl restart nginx
3. Test
VI. Cache configuration
The expires directive: the example below caches image files with these extensions for 30 days.
server {
    listen 192.168.2.190;
    server_name www.aabb.com;
    error_log /usr/local/src/nginx-1.22.0/logs/error.log;
    access_log /usr/local/src/nginx-1.22.0/logs/access.log;
    # root and the access rules are set at server level so that the image
    # location below inherits them as well
    root /usr/local/src/nginx-1.22.0/html/ip;
    allow all;
    auth_basic "here";
    auth_basic_user_file /usr/local/src/nginx-1.22.0/conf/webck;
    location / {
        index index.html index.htm;
    }
    location ~ .*\.(gif|jpg|png)$ {
        expires 30d;
    }
}
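VII. Configure the servers to record the real client IP address
1. Set up the environment
Three machines: device 1 (2.190) runs nginx, device 2 (2.191) runs nginx, and device 3 (2.193) runs Apache. Make sure each one serves web page content that can be told apart.
2. Configure the reverse proxy
(1) Edit nginx.conf in the source-installed nginx environment (device 1)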
[root@localhost conf]# pwd
/usr/local/src/nginx-1.22.0/conf
[root@localhost conf]# vim nginx.conf
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    error_log /usr/local/src/nginx-1.22.0/logs/error.log;
    access_log /usr/local/src/nginx-1.22.0/logs/access.log;
    server {
        listen 80;
        server_name www.aabb.com;
        location / {
            proxy_pass http://192.168.2.191;
        }
    }
    server {
        listen 80;
        server_name www.llss.com;
        location / {
            proxy_pass http://192.168.2.193;
        }
    }
}
(2) Edit the hosts file from Windows PowerShell and test
PS C:\WINDOWS\system32> cd .\drivers\etc\
PS C:\WINDOWS\system32\drivers\etc> notepad .\hosts
PS C:\WINDOWS\system32\drivers\etc>
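(3) Check the logs on device 2 and device 3: the source address of every request is the proxy server (2.190), not the real client address
3. Make both web servers record the real client IP address
(1) nginx proxy server configuration
On device 1, add the following after proxy_pass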
server {
    listen 80;
    server_name www.aabb.com;
    location / {
        proxy_pass http://192.168.2.191;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
server {
    listen 80;
    server_name www.llss.com;
    location / {
        proxy_pass http://192.168.2.193;
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends the client address; $http_x_forwarded_for
        # would only relay whatever header the client itself sent (empty if none)
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
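On device 2, edit nginx.conf and add the following below the index line
server {
    listen 80;
    server_name localhost;
    access_log logs/access.log;
    location / {
        root /usr/local/src/nginx-1.22.0/html;
        index index.html index.htm;
        set_real_ip_from 192.168.2.190; # address of your nginx proxy server
        real_ip_header X-Forwarded-For;
        real_ip_recursive on;
    }
}
After visiting from a browser, check the log on device 2
When visiting from the browser, the client address that reaches the virtual machine is the address of the VMnet8 virtual network adapter on Windows.
For further verification, add the hostname mapping on device 3, send a request from it, and check the log on device 2
# check after editing /etc/hosts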
[root@localhost ~]# tail -1 /etc/hosts
192.168.2.190 www.aabb.com
[root@localhost ~]# curl www.aabb.com
191
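How device 2 decides which address to log depends on which peers set_real_ip_from trusts. The following is an added example, not part of the original page: a simplified Python model of the proxy's $proxy_add_x_forwarded_for value and of the realip selection with real_ip_recursive, showing why trust should be limited to the proxy address. The function names are hypothetical, the client 192.168.2.2 is taken from the page's access log, and 203.0.113.7 is a constructed forged header value.

```python
import ipaddress

PROXY = "192.168.2.190"   # device 1, the reverse proxy from the page
CLIENT = "192.168.2.2"    # client address seen in the page's access log
FORGED = "203.0.113.7"    # constructed value a client puts in X-Forwarded-For

def proxy_add_x_forwarded_for(client_xff, remote_addr):
    """Value of $proxy_add_x_forwarded_for: client's header plus its peer address."""
    return f"{client_xff}, {remote_addr}" if client_xff else remote_addr

def real_client_ip(remote_addr, xff, trusted, recursive=True):
    """Simplified model of how the realip module picks the address to log."""
    nets = [ipaddress.ip_network(t, strict=False) for t in trusted]

    def is_trusted(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)

    # The header is honoured only when the peer is listed in set_real_ip_from.
    if not xff or not is_trusted(remote_addr):
        return remote_addr
    chosen = remote_addr
    # Walk from the right: the rightmost entry was appended by our own proxy.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break                  # unparsable entry: keep what we have
        chosen = hop
        if not recursive or not is_trusted(hop):
            break                  # first untrusted address is the client
    return chosen

def demo():
    """Logged address for five constructed requests."""
    honest = proxy_add_x_forwarded_for("", CLIENT)
    spoofed = proxy_add_x_forwarded_for(FORGED, CLIENT)
    return {
        "honest client": real_client_ip(PROXY, honest, [PROXY]),
        "forged header, proxy-only trust": real_client_ip(PROXY, spoofed, [PROXY]),
        "forged header, trust 0.0.0.0/0": real_client_ip(PROXY, spoofed, ["0.0.0.0/0"]),
        "header relayed unchanged": real_client_ip(PROXY, FORGED, [PROXY]),
        "direct to backend": real_client_ip(CLIENT, FORGED, [PROXY]),
    }

if __name__ == "__main__":
    for case, addr in demo().items():
        print(f"{case:32} -> {addr}")
```

Only the over-broad trust list and the proxy that relays the client's header without appending to it end up logging the forged value.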
(2) Apache-type web servers
On device 3, edit httpd.conf
[root@localhost conf]# pwd
/etc/httpd/conf
[root@localhost conf]# vim httpd.conf
Replace the first LogFormat line there with this one
LogFormat "%{X-FORWARDED-FOR}i %h %l %u %t %r %>s %b %{Referer}i %{User-Agent}i" combined
[root@localhost conf]# systemctl restart httpd.service
Visit device 3 from a browser to test
The log shows the real client address and the address of the nginx proxy server.