URL 组成
<scheme>://<user>:<password>@<host>:<port>/<path>:<params>?<query>#<frag>
scheme 方案 访问服务器以获取资源时要使用哪种协议
user 用户 某些方案访问资源时需要的用户名
password 密码 用户对应的密码,中间用:分隔
scheme 方案 访问服务器以获取资源时要使用哪种协议
host 主机 资源宿主服务器的主机名或IP地址
port 端口 资源宿主服务器正在监听的端口号,很多方案有默认端口号
path 路径 服务器资源的本地名,由一个/将其与前面的URL组件分隔
params 参数 指定输入的参数,参数为名/值对,多个参数,用;分隔
query 查询 传递参数给程序,如数据库,用?分隔,多个查询用&分隔
frag 片段 一小片或一部分资源的名字,此组件在客户端使用,用#分隔
Nginx 的安装
vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx
baseurl=http://nginx.org/packages/rhel/9/x86_64
gpgcheck=0
dnf install nginx --y
systemctl enable --now nginx.service
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
nginx全局配置
user nginx; #nginx程序运行用户
worker_processes auto; #开启work进程数量
error_log /var/log/nginx/error.log notice; #错误日志
pid /var/run/nginx.pid; #pid文件
events {
worker_connections 1024; #可接受最大连接数
}
http模块配置
http {
include /etc/nginx/mime.types; #可解析的静态资源类型
default_type application/octet-stream; #用来配置Nginx响应前端请求默认的MIME类型
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main; #访问日志
sendfile on; # Nginx服务器是否使用sendfile()传输文件
#tcp_nopush on; # 当包累计到一定大小后就发送,默认0.2s一次
keepalive_timeout 65; # 长连接超时时间
#gzip on; #可以使网站的css、js 、xml、html 等静态资源在传输时进行压缩
include /etc/nginx/conf.d/*.conf; #指定子配置文件
}
子配置文件
/etc/nginx/conf.d/default.conf
server {
listen 80; #监听端口
server_name localhost; #服务器的名字
location / {
root /usr/share/nginx/html; #默认发布目录
index index.html index.htm; #默认发布文件
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html; #访问出错呈现错误页面
location = /50x.html {
root /usr/share/nginx/html;
}
}
Nginx 配置
基于IP的虚拟主机
ip addr add 172.25.254.111/24 dev ens160
ip addr add 172.25.254.222/24 dev ens160
mkdir -p /usr/share/nginx/vhostroot/{111,222}/html
echo 172.25.254.111 > /usr/share/nginx/vhostroot/111/html/index.html
echo 172.25.254.222 > /usr/share/nginx/vhostroot/222/html/index.html
vim vhost_ip.conf
server{
listen 172.25.254.111:80;
location / {
root /var/www/virtualdir/111/html;
index index.html index.htm
}
}
server{
listen 172.25.254.222:80;
location / {
root /var/www/virtualdir/222/html;
index index.html index.htm
}
}
curl 172.25.254.222:8080
172.25.254.222
curl 172.25.254.111
172.25.254.111
基于域名的虚拟主机
mkdir -p /usr/share/nginx/vhostroot/{bbs,news}/html
echo news.easylee.org > /usr/share/nginx/vhostroot/news/html/index.html
echo bbs.easylee.org > /usr/share/nginx/vhostroot/bbs/html/index.html
vim vhost_name.conf
server {
listen 80;
server_name bbs.carter.org;
location / {
root /usr/share/nginx/vhostroot/bbs/html;
index index.html index.htm;
}
}
server {
listen 80;
server_name news.carter.org;
location / {
root /usr/share/nginx/vhostroot/bbs/html;
index index.html index.htm;
}
}
测试:
[root@localhost conf.d]# curl news.carter.org
news.easylee.org
[root@localhost conf.d]# curl bbs.carter.org
news.carter.org
本地解析:
vim /etc/hosts
172.25.254.100 bbs.carter.org news.carter.org
web 服务器的访问控制
mkdir -p /usr/share/nginx/vhostroot/bbs/html/admin
echo admin page > /usr/share/nginx/vhostroot/bbs/html/admin/index.html
vim vhost_name.conf
server {
listen 80;
root /usr/share/nginx/vhostroot/bbs/html;
index index.html index.htm;
server_name bbs.easylee.org;
location / {
}
location /admin/ {
allow 172.25.254.100;
deny all;
}
}
vim vhost_name.conf
server {
listen 80;
root /usr/share/nginx/vhostroot/bbs/html;
index index.html index.htm;
server_name bbs.carter.org;
location / {
}
location /admin/ {
auth_basic on;
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
部署 https
mkdir -p /etc/nginx/certs
openssl req -newkey rsa:2048 -nodes -sha256 \
-keyout /etc/nginx/certs/carter.org.key -x509 -days 365 \
-out /etc/nginx/certs/carter.org.crt
--------------------------------------
按照提示填入相应信息
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shannxi
Locality Name (eg, city) [Default City]:Xi'An
Organization Name (eg, company) [Default Company Ltd]:carter
Organizational Unit Name (eg, section) []:web
Common Name (eg, your name or your server's hostname) []:www.carter.org
Email Address []:carter@163.com
配置nginx开启https功能
mkdir /usr/share/nginx/vhostroot/login/html -p
echo login.carter.org > /usr/share/nginx/vhostroot/login/html/index.html
vim vhost_name.conf
server {
listen 443 ssl;
server_name login.carter.org;
ssl_certificate /etc/nginx/certs/carter.org.crt;
ssl_certificate_key /etc/nginx/certs/carter.org.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
root /usr/share/nginx/vhostroot/login/html;
index index.html index.htm;
}
}
强制访问加密
vim vhost_name.conf
server {
listen 80;
server_name login.carter.org;
rewrite ^/(.*)$ https://login.carter.org/$1 permanent;
}
^/(.*)$ 这时正则表达式语法表示匹配浏览器地址栏中的所有内容
$1 login.easylee.org/xxx 这个地址转换时保留xxx
permanent 表示永久转换301
生成php测试页
mkdir -p /usr/share/nginx/html/php
vim /usr/share/nginx/html/php/index.php
<?php
phpinfo();
?>
配置web服务器对php页面的发布
server {
listen 80;
server_name localhost;
location ~ \.php$ {
root /usr/share/nginx/html/php;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}