
nginx basics

Date: 2018-08-31 00:33:41


6.10 Access control
Used in a location block.
allow: sets which host or hosts are allowed access; multiple parameters are separated by spaces
deny: sets which host or hosts are denied access; multiple parameters are separated by spaces

[root@yanyinglai3 conf]# vim nginx.conf
        location / {
            root   html;
            index  index.html index.htm;
            allow 192.168.47.1;
            deny all;
        }
[root@yanyinglai3 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@yanyinglai3 conf]# nginx -s reload



Configure a rule that denies access from this host

[root@yanyinglai3 conf]# vim nginx.conf
        location / {
            root   html;
            index  index.html index.htm;
            deny  192.168.47.1;
            allow all;
        }
[root@yanyinglai3 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@yanyinglai3 conf]# nginx -s reload


6.11 User-based authentication
[root@yanyinglai3 ~]# cd /usr/local/nginx/
[root@yanyinglai3 nginx]# mkdir auth
[root@yanyinglai3 nginx]# cd auth
[root@yanyinglai3 auth]# pwd
/usr/local/nginx/auth
[root@yanyinglai3 auth]# yum provides *bin/htpasswd

[root@yanyinglai3 auth]# yum -y install httpd-tools
[root@yanyinglai3 auth]#  htpasswd -c -m /usr/local/nginx/auth/.user_auth_file tom
New password:
Re-type new password:
Adding password for user tom
[root@yanyinglai3 auth]#  cat /usr/local/nginx/auth/.user_auth_file
tom:$apr1$ZMJK3Hqt$awuiBTxnC.zVSbfg8LDEc0
[root@yanyinglai3 auth]#  vim /usr/local/nginx/conf/nginx.conf
       location / {
            root   html;
            index  index.html index.htm;
            auth_basic "welcome to there";
            auth_basic_user_file ../auth/.user_auth_file;
        }

[root@yanyinglai3 auth]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@yanyinglai3 auth]# nginx -s reload


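6.12 HTTPS configuration
Generate a private key, generate a certificate signing request and obtain the certificate, then configure the following in nginx.conf:
Setting up a private CA with openssl:
CA configuration file: /etc/pki/tls/openssl.cnf
The CA generates a key pair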
[root@yanyinglai3 auth]# cd
[root@yanyinglai3 ~]#  cd /etc/pki/CA
[root@yanyinglai3 CA]# ls
certs  crl  newcerts  private
[root@yanyinglai3 CA]#  (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
...........................+++
...................................................................+++
e is 65537 (0x10001)
[root@yanyinglai3 CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key

The CA generates a self-signed certificate
[root@yanyinglai3 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:wh
Organization Name (eg, company) [Default Company Ltd]:www.yanyinglai.com
Organizational Unit Name (eg, section) []:www.yanyinglai.com
Common Name (eg, your name or your server's hostname) []:
Email Address []:1@2.com
[root@yanyinglai3 CA]# openssl x509 -text -in cacert.pem
[root@yanyinglai3 CA]# mkdir certs newcerts crl
[root@yanyinglai3 CA]#  touch index.txt && echo 01 > serial

The client generates a key
[root@yanyinglai3 CA]# cd /usr/local/nginx/
[root@yanyinglai3 nginx]# ls
auth              conf          html  proxy_temp  scgi_temp
client_body_temp  fastcgi_temp  logs  sbin        uwsgi_temp
[root@yanyinglai3 nginx]# mkdir ssl
[root@yanyinglai3 nginx]# cd ssl/
[root@yanyinglai3 ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus
.........................................................................................+++
.............................................+++
e is 65537 (0x10001)

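The client generates a certificate signing request
[root@yanyinglai3 ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
The client sends the certificate signing request file to the CA
scp httpd.csr root@CA_IP:/root
The CA signs the certificate request submitted by the client
[root@yanyinglai3 ssl]# openssl ca -in /root/httpd.csr -out httpd.crt -days 365
The CA sends the signed certificate httpd.crt to the client
scp httpd.crt root@CLIENT_IP:/etc/httpd/ssl/

6.13 Enabling the status page
Enable status:
location /status {
    stub_status {on | off};
    allow 172.16.0.0/16;
    deny all;
}
How to access the status page: http://server_ip/status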

[root@yanyinglai3 conf]# vim nginx.conf

        }
        location /status {
            stub_status on;
            allow 192.168.47.1;
            deny all;
        }

[root@yanyinglai3 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@yanyinglai3 conf]# nginx -s reload
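
Added example (not part of the original post): nginx checks allow and deny rules in the order they are written and stops at the first match, so the order of the lines in the 6.10 and 6.13 blocks decides who gets in. The Python sketch below models that for IPv4 rules and lists rules that can never fire; MISORDERED is a constructed variant, and parse_rules, decide and shadowed_rules are names made up for this example.

```python
import ipaddress
import re

# Rule sets from sections 6.10 and 6.13 of this page, plus MISORDERED,
# a constructed variant with "deny all" written first.
ALLOW_ONE = "allow 192.168.47.1; deny all;"
DENY_ONE = "deny 192.168.47.1; allow all;"
STATUS = "stub_status on; allow 172.16.0.0/16; deny all;"
MISORDERED = "deny all; allow 192.168.47.1;"

RULE_RE = re.compile(r"\b(allow|deny)\s+([^;\s]+)\s*;")


def parse_rules(block):
    """Return [(action, IPv4 network)] in file order; 'all' -> 0.0.0.0/0."""
    rules = []
    for action, target in RULE_RE.findall(block):
        cidr = "0.0.0.0/0" if target == "all" else target
        rules.append((action, ipaddress.ip_network(cidr, strict=False)))
    return rules


def decide(block, client_ip):
    """Model nginx: rules are checked in order, the first match wins."""
    ip = ipaddress.ip_address(client_ip)
    for action, net in parse_rules(block):
        if ip in net:
            return action
    return "allow"  # no rule matched, so the access module does not block


def shadowed_rules(block):
    """List rules that can never fire because an earlier rule covers them."""
    seen, dead = [], []
    for action, net in parse_rules(block):
        if any(net.subnet_of(prev) for prev in seen):
            dead.append((action, str(net)))
        seen.append(net)
    return dead


if __name__ == "__main__":
    for name, block in [("ALLOW_ONE", ALLOW_ONE), ("MISORDERED", MISORDERED)]:
        print(name, decide(block, "192.168.47.1"), shadowed_rules(block))
```

With "deny all" first, the later allow line is reported as shadowed and 192.168.47.1 is refused, which is why the page's blocks put the specific address before the catch-all.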



Original article: http://blog.51cto.com/13910274/2167141
