Nginx's site security

1, source code installation Nginx

1), the required environment:

Development environment: Development tools

Server Platform Development

Additional Development

Pcre-devel

Nginx-1.6.0.tar.gz

2), source installation Nginx:

Disassemble the source code package into the/usr/local/src/directory

Create a System account and a group Nginx

[Email protected] ~]# groupadd-r nginx[[email protected] ~]# useradd-r-G nginx nginx

Compiling the source code:

[Email protected] nginx-1.6.0]#/configure--conf-path=/etc/nginx/nginx.conf--error-log-path=/var/log/nginx/ Error.log--http-log-path=/var/log/nginx/access.log--pid-path=/var/run/nginx/nginx.pid--lock-path=/var/lock/ Nginx.lock--user=nginx--group=nginx--with-http_ssl_module--with-http_flv_module--with-http_stub_status_module- -with-http_gzip_static_module--http-client-body-temp-path=/var/tmp/nginx/client--http-proxy-temp-path=/var/tmp /nginx/proxy--http-fastcgi-temp-path=/var/tmp/nginx/fcgi--with-pcre

Install Nginx:

[[email protected] nginx-1.6.0]# make &&make Install

Execute nginx Test command to detect Nginx installation

[Email protected] nginx]#/usr/local/nginx/sbin/nginx-tnginx:the configuration file/etc/nginx/nginx.conf syntax is OK Nginx: [Emerg] mkdir () "/var/tmp/nginx/client" failed (2:no such file or directory) Nginx:configuration file/etc/nginx/n Ginx.conf Test Failed

Prompt for missing directory, create:

[[email protected] nginx]# mkdir-p/var/tmp/nginx/client[[email protected] nginx]# ll/var/tmp/nginx/client/total 0

Start Nginx and view the process and port number:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/2B/wKioL1Xeghuga5HtAAKMwQMzTG4820.jpg "title=" 1.png " alt= "Wkiol1xeghuga5htaakmwqmztg4820.jpg"/>

Enter the IP address to test if Nginx is available:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/72/2B/wKioL1XegpWTT0qgAAIjysJFaj4984.jpg "title=" 2.png " alt= "Wkiol1xegpwtt0qgaaijysjfaj4984.jpg"/>2, implementing IP address-based access

Add two Test pages TEC and MKT

[[email protected] nginx]# echo "TEC page Test" >html/tec/index.html[[email protected] nginx]# echo "TEC page Test" >h Tml/mkt/index.html

Add two virtual addresses to the NIC:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/2F/wKiom1Xegt7icz7GAAPFdq6waYM741.jpg "title=" 5.png " alt= "Wkiom1xegt7icz7gaapfdq6waym741.jpg"/>

Modify the Nginx configuration file and add the relevant settings:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/35/wKioL1XevYPj73FgAACcl6hGmJ4218.jpg "style=" float: none; "title=" 6.png "alt=" Wkiol1xevypj73fgaaccl6hgmj4218.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/39/wKiom1Xeu2qyN1Y3AACkQOxqNMs164.jpg "style=" float: none; "title=" 7.png "alt=" Wkiom1xeu2qyn1y3aackqoxqnms164.jpg "/>

Reload the configuration file and add address resolution:

[Email protected] nginx]#/usr/local/nginx/sbin/nginx-s Reload

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/39/wKiom1XevMniK8iFAADHolHtGjg137.jpg "title=" 8.png " alt= "Wkiom1xevmnik8ifaadholhtgjg137.jpg"/>

Test:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/72/3D/wKiom1Xe1U7hkBY1AAD6ogkoaew982.jpg "style=" float: none; "title=" 9.png "alt=" Wkiom1xe1u7hkby1aad6ogkoaew982.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/39/wKioL1Xe12jwpNLtAADJi5iYpcQ844.jpg "style=" float: none; "title=" 10.jpg "alt=" Wkiol1xe12jwpnltaadji5iypcq844.jpg "/>

3. Alias access based on virtual directory

In the root directory/under a site name of Qazwsxedc, I would like to visit without the use of such a hard-to-remember name, but more familiar with the vhost, that can use Nginx alias settings

Create a directory/qazwsxedc, and set the home page INDEX.HTNL, qazwsxedc page test:

[[email protected] nginx]# Mkdir/qazwsxedc[[email protected] nginx]# echo "Qazwsxedc page test" >/qazwsxedc/ Index.html

Modify the configuration file to add an alias record:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/3A/wKioL1Xe22ywrbyJAABS_zjSufc072.jpg "title=" 11.png "alt=" Wkiol1xe22ywrbyjaabs_zjsufc072.jpg "/>

Reload the configuration and access the test:

[Email protected] nginx]#/usr/local/nginx/sbin/nginx-s Reload

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/3D/wKiom1Xe2baz7ExfAADtuRtaY_4813.jpg "title=" 12.jpg "alt=" Wkiom1xe2baz7exfaadturtay_4813.jpg "/>

4. Nginx Source Control

Set allow 192.168.47.200 IP address access, deny 192.168.47.150 access

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/72/3D/wKiom1Xe21rS_sknAAClwWlfna0059.jpg "title=" 13.png "alt=" Wkiom1xe21rs_sknaaclwwlfna0059.jpg "/>

Write under Server to control the source of access to the primary site, or to write under location, indicating that a site

Overloading and accessing tests:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/3A/wKioL1Xe3ovxIX8tAAETRIgrKZo310.jpg "title=" 14.png "alt=" Wkiol1xe3ovxix8taaetrigrkzo310.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/3A/wKioL1Xe3uCwDN-fAAIlWraJUig746.jpg "title=" 15.png "alt=" Wkiol1xe3ucwdn-faailwrajuig746.jpg "/>

5. Nginx Authentication

To modify the configuration file, add the authentication settings:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/3A/wKioL1Xe4APjJyWQAAC__4SFv9Q262.jpg "title=" 16.png "alt=" Wkiol1xe4apjjywqaac__4sfv9q262.jpg "/>

Use the instruction htpasswd to generate the authentication file. htpasswd (this directive is included in the Httpd-tools)

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/3A/wKioL1Xe4S7zYu1_AAD6Cmcv3hI292.jpg "title=" 17.png "alt=" Wkiol1xe4s7zyu1_aad6cmcv3hi292.jpg "/>

Overloading and accessing tests:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/3E/wKiom1Xe362zq5W4AAHjsIFVW-o235.jpg "style=" float: none; "title=" 19.png "alt=" Wkiom1xe362zq5w4aahjsifvw-o235.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/3A/wKioL1Xe4cyx6gvBAAIxsRG4ul4798.jpg "style=" float: none; "title=" 20.png "alt=" Wkiol1xe4cyx6gvbaaixsrg4ul4798.jpg "/>

6. Nginx Encrypted access

Encrypted access to data with SSL

# cd/etc/nginx/cert# OpenSSL genrsa-des3-out nginx.key 1024# OpenSSL req-new-key nginx.key-out nginx.csr# CP NGINX.K EY nginx.key.bak# OpenSSL rsa-in nginx.key.bak-out nginx.key# OpenSSL x509-req-days 365-in nginx.csr-signkey nginx.k Ey-out NGINX.CRT

To modify the Nginx configuration file, add the SSL option:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/72/40/wKiom1XfCWLgDZyPAAG-09_lBtI053.jpg "title=" A.png " alt= "Wkiom1xfcwlgdzypaag-09_lbti053.jpg"/>

Overload Nginx and view ports

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/3C/wKioL1XfC7iD46B7AAEqAiOIeH0603.jpg "title=" B.png " alt= "Wkiol1xfc7id46b7aaeqaioieh0603.jpg"/>

Access test:

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/72/3D/wKioL1XfD0CC7wLdAAF2Z--lkzw425.jpg "title=" 111. PNG "alt=" wkiol1xfd0cc7wldaaf2z--lkzw425.jpg "/>

Install the certificate:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/72/3D/wKioL1XfEDzxttlPAAErpEq0tGU665.jpg "title=" 112. PNG "alt=" wkiol1xfedzxttlpaaerpeq0tgu665.jpg "/>

Access success:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/40/wKiom1XfD2mx630IAAF7aDzzHpo454.jpg "title=" 122. PNG "alt=" wkiom1xfd2mx630iaaf7adzzhpo454.jpg "/>

This article is from the "but evil Water Heart Pan" blog, please be sure to keep this source http://shmilyfl.blog.51cto.com/8897986/1689076

Nginx's site security