码迷,mamicode.com
首页 > 其他好文 > 详细

CentOS 7.4 Tengine安装配置详解(二)

时间:2018-05-14 15:11:13      阅读:431      评论:0      收藏:0      [点我收藏+]

标签:tengine、虚拟主机、IP、访问控制

三、配置虚拟主机:

1、配置基于端口的虚拟主机:

(1)http{}配置段中新增如下server

server {

listen 8000;

server_name localhost;

access_log /usr/local/tengine/logs/localhost8000-access.log main;

location / {

root /vhosts/web;

index index.html index.htm;

}

}

(2)创建测试页:# mkdir -pv /vhosts/web  # echo "<h3>VirtualHost Port 8000</h3>" > /vhosts/web/index.html

(3)重载服务:# nginx -t  # nginx -s reload  # ss -tunlp | grep :8000

(4)访问测试页:http://192.168.1.222:8000

技术分享图片

2、配置基于IP的虚拟主机:

(1)新增一个IP

技术分享图片

# ip addr list | grep ens

技术分享图片

# ip addr add 192.168.1.250/24 dev ens160

# ip addr list | grep ens

技术分享图片

技术分享图片

(2)http{}配置段中新增如下server

server {

listen 192.168.1.222:80;

server_name localhost;

access_log /usr/local/tengine/logs/192.168.1.222-access.log main;

location / {

root /vhosts/ip/192.168.1.222;

index index.html index.htm;

}

}

 

server {

listen 192.168.1.250:80;

server_name localhost;

access_log /usr/local/tengine/logs/192.168.1.250-access.log main;

location / {

root /vhosts/ip/192.168.1.250;

index index.html index.htm;

}

}

(3)创建测试页:

# mkdir -pv /vhosts/ip/{192.168.1.222,192.168.1.250}

# echo "<h3>VirtualHost 192.168.1.222</h3>" > /vhosts/ip/192.168.1.222/index.html

# echo "<h3>VirtualHost 192.168.1.250</h3>" > /vhosts/ip/192.168.1.250/index.html

(4)重载服务:# nginx -t  # nginx -s reload  # ss -tunlp | grep :80

(5)访问测试页:

http://192.168.1.222

技术分享图片

http://192.168.1.250

技术分享图片

3、配置基于主机名的虚拟主机:

(1)http{}配置段中新增如下server

server {

listen 80;

server_name bbs.vhosts.com;

access_log /usr/local/tengine/logs/bbs.vhosts.com-access.log main;

location / {

root /vhosts/bbs;

index index.html index.htm;

}

}

 

server {

listen 80;

server_name blog.vhosts.com;

access_log /usr/local/tengine/logs/blog.vhosts.com-access.log main;

location / {

root /vhosts/blog;

index index.html index.htm;

}

}

(2)创建测试页:

# mkdir -pv /vhosts/{bbs,blog}

# echo "<h3>VirtualHost bbs.vhosts.com</h3>" > /vhosts/bbs/index.html

# echo "<h3>VirtualHost blog.vhosts.com</h3>" > /vhosts/blog/index.html

(3)重载服务:# nginx -t  # nginx -s reload  # ss -tunlp | grep :80

(4)修改本地Windows 10系统的hosts文件:

C:\Windows\System32\drivers\etc\hosts,末尾新增代码:192.168.1.222 bbs.vhosts.com blog.vhosts.com

(5)访问测试页:

http://bbs.vhosts.com

技术分享图片

http://blog.vhosts.com

技术分享图片


四、基于来源IP实现访问控制

1、server{}配置段中新增如下location

server {

listen 80;

server_name localhost;

root html;

index index.html index.htm;

 

location / {

# 网段的写法:192.168.1.0/24

deny 192.168.1.222;

# 从上到下进行匹配,类似iptables

allow all;

}

 

location /bbs {

if ( $remote_addr = 192.168.1.146 ) {

return 404;

}

}

}

2、创建测试页:

# mkdir -pv /usr/local/tengine/html/bbs

# echo "<h3>Hello World</h3>" > /usr/local/tengine/html/bbs/test.html

3、重载服务:# nginx -t  # nginx -s reload  # ss -tunlp | grep :80

4、分别使用192.168.1.146192.168.1.222192.168.199.157作为客户端进行访问:

(1)192.168.1.146# yum -y install elinks  # elinks -dump http://192.168.1.222

技术分享图片

# elinks -dump http://192.168.1.222/bbs/test.html

技术分享图片

(2)192.168.1.222# yum -y install curl  # curl http://192.168.1.222

技术分享图片

# curl http://192.168.1.222/bbs/test.html

技术分享图片

(3)192.168.199.157

技术分享图片

技术分享图片


五、基于用户名/密码实现访问控制:

1、server{}配置段中新增如下location

server {

listen 80;

server_name localhost;

root html;

index index.html index.htm;

 

location /bbs {

auth_basic "Please Login";

auth_basic_user_file /usr/local/tengine/conf/.htpasswd;

}

}

2、创建测试页:

# mkdir -pv /usr/local/tengine/html/bbs

# echo "<h3>Login Successful</h3>" > /usr/local/tengine/html/bbs/test.html

3、创建账号密码文件:

# yum -y install httpd-tools

# cd /usr/local/tengine/conf

# htpasswd -c -m .htpasswd keyso     //用户名keyso,密码123456

========================================================

基于文件实现basic身份认证时所使用的账号密码生成工具:htpasswd

常用选项:

?  -c:自动创建账号文件(仅在添加第一个用户时使用该选项)

?  -m:使用MD5加密用户密码

?  -s:使用SHA加密用户密码

?  -D:删除指定用户

========================================================

4、重载服务:# nginx -t  # nginx -s reload  # ss -tunlp | grep :80

5、访问测试页:

http://192.168.1.222

技术分享图片

http://192.168.1.222/bbs/test.html

技术分享图片

技术分享图片


六、定义status页面:

1、server{}配置段中新增如下location

server {

listen 80;

server_name localhost;

location /status {

stub_status on;

allow 192.168.101.120;

deny all;

access_log off;

}

}

2、重载服务:# nginx -t  # nginx -s reload  # ss -tunlp | grep :80

3、Windows 10访问状态页:http://192.168.1.222/status

技术分享图片

说明:

?  Active connections:当前活动的客户端连接数

?  accepts:已经接收过的客户端连接总数

?  handled:已经处理过的客户端连接总数

?  requests:客户端的请求总数

?  request_time:请求时间

?  Reading:正在读取的客户端请求数

?  Writing:正在处理请求或发送响应报文的连接数

?  Waiting:等待发出请求的空闲连接数


七、禁止访问某一类资源:

1、server{}配置段中新增如下location

server {

listen 80;

server_name localhost;

location ~ \.(txt|doc)$ {

if (-f $request_filename){

root html;

break;

}

deny all;

}

}

2、创建测试页:

# echo "<h3>txt file</h3>" > /usr/local/tengine/html/test.txt

# echo "<h3>doc file</h3>" > /usr/local/tengine/html/test.doc

# echo "<h3>html file</h3>" > /usr/local/tengine/html/test.html

3、重载服务:# nginx -t  # nginx -s reload  # ss -tunlp | grep :80

4、访问测试页:

http://192.168.1.222/test.txt

技术分享图片

http://192.168.1.222/test.doc

技术分享图片

http://192.168.1.222/test.html

技术分享图片


rootalias(路径别名)

1、server{}配置段中新增如下location

server {

listen 80;

server_name localhost;

index index.html index.htm;

 

location /bbs {

root /vhosts/bbs;

}

 

location /blog {

alias /vhosts/blog;

}

}

2、创建测试页:

# mkdir -pv /vhosts/bbs/bbs

# mkdir -pv /vhosts/blog

# echo "<h3>root --> /vhosts/bbs/bbs/index.html</h3>" > /vhosts/bbs/bbs/index.html

# echo "<h3>alias --> /vhosts/blog/index.html</h3>" > /vhosts/blog/index.html

3、重载服务:# nginx -t  # nginx -s reload  # ss -tunlp | grep :80

4、访问测试页:

http://192.168.1.222/bbs

技术分享图片

http://192.168.1.222/blog

技术分享图片


CentOS 7.4 Tengine安装配置详解(二)

标签:tengine、虚拟主机、IP、访问控制

原文地址:http://blog.51cto.com/qiuyue/2116119

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!