The server of Nginx (ii)--nginx access control and virtual host

Last Update:2016-11-08 Source: Internet

Author: User

Tags to domain

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

One, Nginx access control

(1) Authorization-based access control

Nginx, like Apache, can be implemented based on user authorization of access control, when the client to access the appropriate Web site or directory required to enter the user name password to normal access, configuration steps and Apache basically consistent

The first step: Generate the User password Authentication file, use HTPASSWD to generate the user authentication file, if there is no such command, you can use Yum to install the Httpd-tools software package, using the same as before the Apache certification

~]#htpasswd-  c  /usr/local/nginx/passwd.db   test   #回车后会让输入两次密码

The permission to modify the password file is 400, the owner is changed to Nginx, so that nginx users can read

~]#chmod  /usr/local/nginx/passwd.db~]#chown nginx/usr/local/nginx/ Passwd.db

Second Step: Modify the main configuration file corresponding directory, add the authentication configuration item Auth entry, check the syntax, restart

1 Server {... 2 Local/ {3   root  html; 4 index  index.html  index.php; 5 " Secret " ; 6 auth_basic_user_file  /usr/local/nginx/passwd.db; 7 ~]#nginx-t8 ~]#service Nginx Reload

(2) Client-based access control

Nginx Client-based access control is simpler than Apache, the rules are matched from top to bottom, if the match is stopped, no longer matches down

Format:

Deny IP/IP segment

Allow IP/IP segment

Example: In addition to the 10.1.1.0 network segment, 192.168.1.0 network segment, all remaining IP 192.168.1.1 Cannot log in

1 location/ {2  root  html; 3 index  index.html  index.php; 4 deny 192.168.1.1; 5 allow 192.168.1.0/24; 6 allow 10.1.1.0/16; 7 deny all; 8 }

Second, Nginx virtual host

You can create multiple sites on a single server, each virtual Web site has a separate "server{}" configuration segment, each listening IP address, port number can be specified separately, of course, the site name is also different

Nginx supports three types of virtual hosts: domain-based, IP-based, Port-based

(1) Domain-based virtual host building (most commonly used more than 90% use this)

① for www.bt.com and www.test.com to prepare domain name resolution, can modify the Hosts file

② Prepare website catalogue and test homepage of each website

~]#mkdir-p/var/www/html/btcom  testcom

③ Create a index.html in two folders

④ Modify nginx.conf, configure two "server{}" areas (note the red font is our attention)

1 server {2Listen 80;3 server_name www.test.com;4CharSet Utf-8;5Access_log logs/ www.test.log main;6Location/  {7Root/var/www/html/ testcom;8 index index.html index.htm;9 }TenError_page 500 502 503 504/50x.html; OneLocation =/50x.html { A root html; - } -}

⑤ access to two websites by domain name

(2) IP-based virtual host building (IP too expensive, not used)

① to prepare multiple IP addresses, using sub-interfaces or multiple NICs

Example: Ifconfig eth0:0 192.168.1.2/24 setting sub-interface URLs

② Prepare the catalogue and test homepage of each website

③ Modify nginx.conf, configure two "server{}" area (note the red font is what we should pay attention to, pay attention to the difference)

12 listen 192.168.1.2:803 server_name 192.168.1.24 CharSet Utf-8
   
    5 Access_log  logs/
    www.test.log  6 location  /
      7 root/var/www/html/
    
     8
      index index.html  9
      }error_page  502  503 504  /
     50 x.html; Location =/
     50x.html {
      root   html; 14
      }

④ access to two websites with IP address

(3) Port-based virtual host building (more internal tests used in the company)

① Select ports, select unused ports in the system

② Prepare the catalogue and test homepage of each website

③ to prepare the domain name resolution, according to the configuration file to determine whether to parse

④ Modify nginx.conf, configure two "server{}" area (note the red font is what we should pay attention to, pay attention to the difference)

1server {2 Listen192.168.1.2:81; #注意: The second server port is changed to 81, before you need to login with a domain name to change the previous IP address to the domain name   3 server_name 192.168.1.2; #注意: Change to Domain name as needed 4 CharSet Utf-8; 5 Access_log logs/Www.test.log main;6 Location/  { 7 root/var/www/html/testcom;8index index.html index.htm;9}Error_page 500 502 503 504/50x.html;Location =/50x.html {12root html;13}14}

⑤ the IP address or domain name to access two sites, note the input IP, followed by the port number http://192.168.1.2;81

The server of Nginx (ii)--nginx access control and virtual host

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More