Nginx compilation supports Tcp_wrappers
Tcp wrappers: Transmission Control Protocol (TCP) Wrappers provides enhanced security for services generated by inetd. Tcp wrappers is a replacement method for using/etc/inetd. sec. TCP Wrappers provides protection against host name and host address spoofing. Spoofing is a method disguised as a valid user or host to obtain unauthorized access to the system.
1. recompile Nginx
- [Root @ ipython nginx-1.6.1] # tar zxf ../ngx_tcpwrappers.tar.gz-C ./
- [Root @ ipython nginx-1.6.1] #. /configure -- prefix =/software/nginx -- user = nginx -- group = nginx -- with-http_stub_status_module -- with-http_ssl_module -- with-http_realip_module -- with-http_gzip_static_module -- with-debug -- http-client-body-temp- path =/var/tmp/nginx/client -- http-proxy-temp-path =/var/tmp/nginx/proxy -- http-fastcgi-temp-path =/var/tmp /nginx/fastcgi -- http-uwsgi-temp-path =/var/tmp/nginx/uwsgi -- http-scgi-temp-path =/var/tmp/nginx/scgi -- -pcre =/root/pcre-8.35 -- with-openssl =/root/openssl-1.0.1i -- with-zlib =/root/zlib-1.2.8 -- add-module =. /ngx_tcpwrappers
- [Root @ ipython nginx-1.6.1] # sed-I s' # CFLAGS =-pipe-O-W-Wall-Wpointer-arith-Wno-unused-parameter-Werror # CFLAGS =-pipe -O-W-Wall-Wpointer-arith-Wno-unused-parameter-g # 'objs/Makefile
- #### Do not make install. compile it ####
- [Root @ ipython nginx-1.6.1] # make
2. Complete the upgrade and use of modules. Nginx is still very strange ~~
- #### Back up executable files and copy new files ####
- [Root @ ipython nginx-1.6.1] # mv/software/nginx/sbin/nginx/software/nginx/conf/@ nginx
- [Root @ ipython nginx-1.6.1] # cp objs/nginx/software/nginx/sbin/
- #### Test the new version of Nginx ####
- [Root @ ipython nginx-1.6.1] #/software/nginx/sbin/nginx-t
- Nginx: the configuration file/software/nginx/conf/nginx. conf syntax is OK
- Nginx: configuration file/software/nginx/conf/nginx. conf test is successful
- ### Access without the Tcp_wrappers configuration test ###
- [Root @ ipython openssl-1.0.1i] # curl-I http://www.ipython.me
- HTTP/1.1200 OK
- Server: nginx/1.6.1
- Date: Mon, 11Aug201423: 08: 08 GMT
- Content-Type: text/html
- Content-Length: 612
- Last-Modified: Mon, 11Aug201422: 45: 25 GMT
- Connection: keep-alive
- ETag: "53e94785-264"
- Accept-Ranges: bytes
- ### Smooth upgrade ###
- [Root @ ipython nginx-1.6.1] # make upgrade
- # Test Module: reject the Nginx request 1.1.1.30 ### Add the following configuration in the http block ##
- Tcpwrappers on;
- Tcpwrappers_daemon nginx;
- Tcpwrappers_thorough off;
- # Hosts. deny as follows ##
- [Root @ ipython nginx-1.6.1] # awk '! /^ #/'/Etc/hosts. deny
- Nginx: 1.1.1.30
- # Re-read the Nginx configuration file ##
- [Root @ ipython nginx-1.6.1] #/software/nginx/sbin/nginx-s reload
- ### In this case, access is 403 ###
- [Root @ itchenyi ~] # Curl-I http://www.ipython.me
- HTTPS/1.1403 Forbidden
- Server: nginx/1.6.1
- Date: Mon, 11Aug201423: 12: 47 GMT
- Content-Type: text/html
- Content-Length: 168
- Connection: keep-alive
3. Tcp_warppers module command
- ### Ngx_Tcp_wrappers configuration command ###
- 1. tcpwrappers
- Syntax: tcpwrappers [on | off]
- Default Value: tcpwrappers off
- Scope: http, server, location, limit_0000t
- Description: module switch. When enabled, use TCP Wrappers for access control.
- 2. tcpwrappers_daemon
- Syntax: tcpwrappers_daemon name
- Default Value: tcpwrappers_daemon nginx
- Scope: http, server, location, limit_0000t
- Description: The definition of the name is used for identification in/etc/hosts. [allow | deny ].
- 3. tcpwrappers_thorough
- Syntax: tcpwrappers_thorough [on | off]
- Default Value: tcpwrappers_thorough off
- Scope: http, server, location, limit_0000t
- Description: Checks IP addresses, user names, and reverse DNS resolution based on hosts. ctl. The module developer does not provide detailed instructions for use.
-------------------------------------- Split line --------------------------------------
Deployment of Nginx + MySQL + PHP in CentOS 6.2
Build a WEB server using Nginx
Build a Web server based on Linux6.3 + Nginx1.2 + PHP5 + MySQL5.5
Performance Tuning for Nginx in CentOS 6.3
Configure Nginx to load the ngx_pagespeed module in CentOS 6.3
Install and configure Nginx + Pcre + php-fpm in CentOS 6.4
Nginx installation and configuration instructions
Nginx log filtering using ngx_log_if does not record specific logs
-------------------------------------- Split line --------------------------------------
Nginx details: click here
Nginx: click here
From: http://www.ipython.me/centos/rebuild-nginx-support-tcp_wrappers.html Author: IT Chen Yi
This article permanently updates the link address: