The server of Nginx (ii)--nginx access control and virtual host

Source: Internet
Author: User
Tags to domain

One, Nginx access control

(1) Authorization-based access control

Nginx, like Apache, can be implemented based on user authorization of access control, when the client to access the appropriate Web site or directory required to enter the user name password to normal access, configuration steps and Apache basically consistent

The first step: Generate the User password Authentication file, use HTPASSWD to generate the user authentication file, if there is no such command, you can use Yum to install the Httpd-tools software package, using the same as before the Apache certification

~]#htpasswd-  c  /usr/local/nginx/passwd.db   test   #回车后会让输入两次密码

The permission to modify the password file is 400, the owner is changed to Nginx, so that nginx users can read

~]#chmod  /usr/local/nginx/passwd.db~]#chown nginx/usr/local/nginx/ Passwd.db

Second Step: Modify the main configuration file corresponding directory, add the authentication configuration item Auth entry, check the syntax, restart

1 Server {... 2 Local/ {3   root  html; 4 index  index.html  index.php; 5 " Secret " ; 6 auth_basic_user_file  /usr/local/nginx/passwd.db; 7 ~]#nginx-t8 ~]#service Nginx Reload

(2) Client-based access control

Nginx Client-based access control is simpler than Apache, the rules are matched from top to bottom, if the match is stopped, no longer matches down

Format:

Deny IP/IP segment

Allow IP/IP segment

Example: In addition to the 10.1.1.0 network segment, 192.168.1.0 network segment, all remaining IP 192.168.1.1 Cannot log in

1 location/ {2  root  html; 3 index  index.html  index.php; 4 deny 192.168.1.1; 5 allow 192.168.1.0/24; 6 allow 10.1.1.0/16; 7 deny all; 8 }
Second, Nginx virtual host

You can create multiple sites on a single server, each virtual Web site has a separate "server{}" configuration segment, each listening IP address, port number can be specified separately, of course, the site name is also different

Nginx supports three types of virtual hosts: domain-based, IP-based, Port-based

(1) Domain-based virtual host building (most commonly used more than 90% use this)

① for www.bt.com and www.test.com to prepare domain name resolution, can modify the Hosts file

② Prepare website catalogue and test homepage of each website

~]#mkdir-p/var/www/html/btcom  testcom

③ Create a index.html in two folders

④ Modify nginx.conf, configure two "server{}" areas (note the red font is our attention)

1 server {2Listen 80;3 server_name www.test.com;4CharSet Utf-8;5Access_log logs/ www.test.log main;6Location/  {7Root/var/www/html/ testcom;8 index index.html index.htm;9 }TenError_page 500 502 503 504/50x.html; OneLocation =/50x.html { A root html; - } -}

⑤ access to two websites by domain name

(2) IP-based virtual host building (IP too expensive, not used)

① to prepare multiple IP addresses, using sub-interfaces or multiple NICs

Example: Ifconfig eth0:0 192.168.1.2/24 setting sub-interface URLs

② Prepare the catalogue and test homepage of each website

③ Modify nginx.conf, configure two "server{}" area (note the red font is what we should pay attention to, pay attention to the difference)

12 listen 192.168.1.2:803 server_name 192.168.1.24 CharSet Utf-8
   
    5 Access_log  logs/
    www.test.log  6 location  /
      7 root/var/www/html/
    
     8
      index index.html  9
      }error_page  502  503 504  /
     50 x.html; Location =/
     50x.html {
      root   html; 14
      }
    
   

④ access to two websites with IP address

(3) Port-based virtual host building (more internal tests used in the company)

① Select ports, select unused ports in the system

② Prepare the catalogue and test homepage of each website

③ to prepare the domain name resolution, according to the configuration file to determine whether to parse

④ Modify nginx.conf, configure two "server{}" area (note the red font is what we should pay attention to, pay attention to the difference)

1server {2 Listen192.168.1.2:81; #注意: The second server port is changed to 81, before you need to login with a domain name to change the previous IP address to the domain name   3 server_name 192.168.1.2; #注意: Change to Domain name as needed 4 CharSet Utf-8; 5 Access_log logs/Www.test.log main;6 Location/  { 7 root/var/www/html/testcom;8index index.html index.htm;9}Error_page 500 502 503 504/50x.html;Location =/50x.html {12root html;13}14}

⑤ the IP address or domain name to access two sites, note the input IP, followed by the port number http://192.168.1.2;81

The server of Nginx (ii)--nginx access control and virtual host

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.