Nginx's site security

Source: Internet
Author: User
Tags openssl rsa openssl x509

1. Installing Nginx from source

1) Required environment:

Development environment: Development tools

Server Platform Development

Additional Development

pcre-devel

nginx-1.6.0.tar.gz


2) Installing Nginx from source:

Unpack the source package into the /usr/local/src/ directory.

Create a system group and a system account, both named nginx:

# groupadd -r nginx
# useradd -r -g nginx nginx

Configure the build:

# ./configure \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/var/run/nginx/nginx.pid \
    --lock-path=/var/lock/nginx.lock \
    --user=nginx \
    --group=nginx \
    --with-http_ssl_module \
    --with-http_flv_module \
    --with-http_stub_status_module \
    --with-http_gzip_static_module \
    --http-client-body-temp-path=/var/tmp/nginx/client \
    --http-proxy-temp-path=/var/tmp/nginx/proxy \
    --http-fastcgi-temp-path=/var/tmp/nginx/fcgi \
    --with-pcre

Compile and install Nginx:

# make && make install

Run the nginx configuration test to check the installation:

# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] mkdir() "/var/tmp/nginx/client" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed

The test reports a missing directory; create it:

# mkdir -p /var/tmp/nginx/client
# ll /var/tmp/nginx/client/
total 0

Start Nginx and view the process and port number:

[Image: 1.png]

Browse to the server's IP address to test whether Nginx is available:

[Image: 2.png]

2. IP address-based access

Add two test pages, tec and mkt:

# mkdir -p html/tec html/mkt
# echo "TEC page Test" > html/tec/index.html
# echo "TEC page Test" > html/mkt/index.html


Add two virtual addresses to the NIC:

[Image: 5.png]


Modify the Nginx configuration file and add the relevant settings:

[Image: 6.png]

[Image: 7.png]


Reload the configuration file and add address resolution:

# /usr/local/nginx/sbin/nginx -s reload

[Image: 8.png]


Test:

[Image: 9.png]

[Image: 10.jpg]
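
The configuration shown in the images for this section is not available as text. As an added example (not the original author's configuration), IP-based virtual hosts for the two test pages could look like this; the two addresses and the catch-all server are constructed for illustration.

```nginx
# Added example: place these blocks inside the existing http { } block.
# 192.168.47.101 and 192.168.47.102 are constructed addresses; use the
# two virtual addresses that were added to the NIC.

# Catch-all: a request arriving on any other local address matches no
# site below and is dropped instead of falling through to a real site.
server {
    listen 80 default_server;
    return 444;                 # nginx-specific: close without a response
}

# First virtual address serves the tec page.
server {
    listen 192.168.47.101:80;
    location / {
        root  html/tec;         # relative to the prefix, /usr/local/nginx
        index index.html;
    }
}

# Second virtual address serves the mkt page.
server {
    listen 192.168.47.102:80;
    location / {
        root  html/mkt;
        index index.html;
    }
}
```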


3. Alias access based on virtual directory

Suppose a site lives in a directory named /qazwsxedc under the root directory. To visit it under a more familiar name, vhost, instead of such a hard-to-remember one, use Nginx's alias setting.

Create the directory /qazwsxedc and give it a home page, index.html, containing "Qazwsxedc page test":

# mkdir /qazwsxedc
# echo "Qazwsxedc page test" > /qazwsxedc/index.html

Modify the configuration file to add an alias record:

[Image: 11.png]

Reload the configuration and access the test:

# /usr/local/nginx/sbin/nginx -s reload

[Image: 12.jpg]
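
The alias record itself is only visible in the image above. The following is an added example, not the original author's configuration, of an alias for the /qazwsxedc directory; the public path /vhost/ is an assumption based on the name mentioned in the text.

```nginx
# Added example: place inside the existing server { } block.
# "/vhost/" is the assumed public name; /qazwsxedc/ is the directory
# created in this section.

location /vhost/ {
    # alias replaces the matched prefix with this path, so
    # /vhost/index.html is served from /qazwsxedc/index.html.
    # (root, by contrast, would append the full URI to the path.)
    alias /qazwsxedc/;
    index index.html;

    # Keep the trailing slash on BOTH the location prefix and the alias
    # path. If the prefix lacks it while the alias has it, nginx can map
    # crafted request paths to files outside /qazwsxedc/.
}

# Requests for "/vhost" without the slash are redirected to the
# directory form instead of being matched by a looser prefix.
location = /vhost {
    return 301 /vhost/;
}

# The worker user (nginx) needs read access to the files and execute
# (search) permission on /qazwsxedc itself.
```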


4. Nginx source-address access control

Allow access from the IP address 192.168.47.200 and deny access from 192.168.47.150:

[Image: 13.png]

Write the rules under server to control the sources allowed to access the primary site, or under location, indicating that a site


Reload and test access:

[Image: 14.png]


[Image: 15.png]
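
The rules from the image above are not available as text. As an added example (not the original author's configuration), the two addresses named in this section can be used at server level and at location level as follows; the listen port, server_name and the /tec/ location are assumptions.

```nginx
# Added example: place inside the existing http { } block.
server {
    listen      80;
    server_name localhost;          # assumed

    # Server level: applies to the whole site. Rules are checked from
    # top to bottom and the first one that matches the client decides.
    allow 192.168.47.200;
    deny  192.168.47.150;
    # There is no "deny all" here, so every other client is still
    # admitted: this is a blocklist with one explicit exception.

    location / {
        root  html;
        index index.html;
    }

    # Location level: applies to this path only. A location that
    # defines its own allow/deny rules does not inherit the
    # server-level ones, so the full policy must be restated.
    location /tec/ {
        root  html;
        allow 192.168.47.200;
        deny  all;                  # allowlist: everyone else gets 403
    }
}
```

A denied client receives 403 Forbidden, and the refusal is recorded in the error log configured at build time (/var/log/nginx/error.log).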


5. Nginx Authentication

Modify the configuration file to add the authentication settings:

[Image: 16.png]

Use the htpasswd command to generate the authentication file (htpasswd is included in the httpd-tools package):

[Image: 17.png]

Reload and test access:

[Image: 19.png]

[Image: 20.png]
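
The authentication settings are only visible in the images above. The following is an added example, not the original author's configuration, of HTTP basic authentication with an htpasswd file; the file path, realm text and the /mkt/ location are assumptions.

```nginx
# Added example: place inside the existing server { } block.
#
# Create the password file first (shell, as root):
#   htpasswd -c /etc/nginx/.htpasswd <user>   # -c creates or OVERWRITES
#   htpasswd    /etc/nginx/.htpasswd <user2>  # further users: no -c
#   chown root:nginx /etc/nginx/.htpasswd
#   chmod 640 /etc/nginx/.htpasswd            # readable by workers only

location / {
    root  html;
    index index.html;

    auth_basic           "Restricted";          # realm shown in the prompt
    auth_basic_user_file /etc/nginx/.htpasswd;  # assumed path, kept
                                                # outside the web root
}

# Combining with the source control from section 4: a request passes
# if EITHER the address rule OR the password check succeeds.
location /mkt/ {
    root html;

    satisfy any;
    allow 192.168.47.200;
    deny  all;

    auth_basic           "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;
}

# Basic authentication sends the password base64-encoded, not
# encrypted, with every request, so serve protected locations over
# SSL (section 6).
```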


6. Nginx Encrypted access

Encrypt access to data with SSL:

# cd /etc/nginx/cert
# openssl genrsa -des3 -out nginx.key 1024
# openssl req -new -key nginx.key -out nginx.csr
# cp nginx.key nginx.key.bak
# openssl rsa -in nginx.key.bak -out nginx.key
# openssl x509 -req -days 365 -in nginx.csr -signkey nginx.key -out nginx.crt

Modify the Nginx configuration file to add the SSL options:

[Image: A.png]

Reload Nginx and check the listening ports:

[Image: B.png]

Access test:

[Image: 111.png]

Install the certificate:

[Image: 112.png]


Access succeeds:

[Image: 122.png]
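
The SSL options from the image in this section are not available as text. As an added example (not the original author's configuration), a server block using the key and certificate generated above in /etc/nginx/cert could look like this; server_name, the redirect from port 80 and the protocol and cipher choices are assumptions.

```nginx
# Added example: place inside the existing http { } block.

# Plain HTTP only redirects, so no content is served unencrypted.
server {
    listen      80;
    server_name localhost;                  # assumed
    return 301  https://$host$request_uri;
}

server {
    listen      443 ssl;
    server_name localhost;                  # assumed

    # Files produced by the openssl commands in this section.
    ssl_certificate     /etc/nginx/cert/nginx.crt;
    ssl_certificate_key /etc/nginx/cert/nginx.key;

    # nginx.key had its passphrase removed (openssl rsa -in ... -out ...)
    # so nginx can start unattended; it is therefore stored in the
    # clear. Restrict it:  chown root:root nginx.key; chmod 600 nginx.key
    # nginx.key.bak is the passphrase-protected copy.
    #
    # The key above is 1024 bits, which is below what current clients
    # and CAs accept; generate 2048 bits or more for real use.
    #
    # -signkey makes the certificate self-signed, which is why browsers
    # warn until the certificate is installed on the client.

    ssl_protocols             TLSv1.2;      # TLSv1.3 needs nginx 1.13.0+
    ssl_ciphers               HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache         shared:SSL:10m;
    ssl_session_timeout       10m;

    location / {
        root  html;
        index index.html;
    }
}
```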


This article is from the "but evil Water Heart Pan" blog, please be sure to keep this source http://shmilyfl.blog.51cto.com/8897986/1689076
