目录
资源清单
|---------------|-----------------|--------------------|
| 操作系统 | 域名 | IP |
| OpenEuler | www.aaa.com | 192.168.16.142 |
| OpenEuler | www.bbb.com | 192.168.16.143 |
一、编译安装Nginx(两台)
1.更改主机名
bash
hostnamectl set-hostname aaa
hostnamectl set-hostname bbb2.安装支持软件
bash
dnf install -y gcc make pcre-devel zlib-devel openssl-devel perl-ExtUtils-MakeMaker git wget tar3.创建运行用户、组和日志记录
bash
useradd -M -s /sbin/nologin nginx
mkdir -p /var/log/nginx
chown -R nginx:nginx /var/log/nginx4.编译及安装Nginx
bash
tar zxf nginx-1.26.3.tar.gz
cd nginx-1.26.3
./configure --prefix=/usr/local/nginx --pid-path=/var/run/nginx.pid --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream
make && make install5.为主程序nginx创建软链接文件
bash
ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
nginx -v6.添加Nginx系统服务
bash
vi /lib/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=network.target
[Service]
Type=forking
#PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/sbin/nginx -t
ExecStart=/usr/local/sbin/nginx
ExecReload=/usr/local/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
User=root
Group=root
[Install]
WantedBy=multi-user.target
#重载服务
systemctl daemon-reload
#启动服务
systemctl start nginx
#设置开机自启
systemctl enable nginx
#检查端口
ss -nlpt | grep 80二、防盗链
1.修改Windows的C:\Windows\System32\dirvers\etc\hosts文件,设置域名和映射关系
bash
192.168.16.142 www.aaa.com
192.168.16.143 www.bbb.com2.修改host文件(两台都修改)
bash
vi /etc/hosts
192.168.16.142 www.aaa.com
192.168.16.143 www.bbb.com3.修改主配置文件(两台都修改)
bash
#www.aaa.com上修改
vi /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name www.aaa.com;
#检查配置并重启
nginx -t
systemctl restart nginx
#www.bbb.com上修改
vi /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name www.bbb.com;
#检查配置并重启
nginx -t
systemctl restart nginx4.把图片 logo.jpg放到源主机的工作目录下(www.aaa.com上)
bash
ls /usr/local/nginx/html
index.html kgc.png5.编辑源网站首页文件(www.aaa.com上)
bash
vi /usr/local/nginx/html/index.html
<html>
<body>
<h1>aaa It work!
<img src="kgc.png"/> //网页中显示图片的代码
</h1>
</body>
</html>6.测试访问原网站
7.编辑盗链网站首页文件(www.bbb.com)
bash
vi /usr/local/nginx/html/index.html
<html>
<body>
<h1>bbb It work!
<img src="http://www.aaa.com/kgc.png"/> //网页中显示图片
</h1>
</body>
</html>8.测试访问盗链网站(盗链成功)
9.配置Nginx防盗链(www.aaa.com上)
bash
vi /usr/local/nginx/conf/nginx.conf
#charset koi8-r;
#access_log logs/host.access.log main;
location ~*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|webp|ico)$ {
root html;
valid_referers aaa.com *.aaa.com;
if ($invalid_referer) {
return 403;
}
}
nginx -t
systemctl restart nginx10.测试访问盗链网站(盗链失败)
三、Nginx配置https
1.创建证书存储目录
bash
mkdir -p /etc/nginx/ssl2.生成签名证书
bash
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx-selfsigned.key \
-out /etc/nginx/ssl/nginx-selfsigned.crt \
-subj "/C=CN/ST=Beijing/L=Beijing/O=MyOrg/CN=localhost"3.Nginx启用https
-
编辑nginx配置文件
bashvi /usr/local/nginx/conf/nginx.conf server { listen 443 ssl; # 监听 HTTPS 端口 server_name localhost; # 域名或IP # 指定证书和私钥路径 ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt; ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key; # SSL 协议和加密套件配置(可选,提升安全性) ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256; ssl_prefer_server_ciphers on; # 其他配置(如根目录) location / { root /usr/local/nginx/html; index index.html; } } server { listen 80; server_name localhost; return 301 https://$host$request_uri; } nginx -t systemctl restart nginx -
浏览器验证
