nginx访问控制,用户认证,配置https,zabbix监控nginx状态页面
目录
nginx访问控制
用于location段
allow:设定允许哪台或哪些主机访问,多个参数间用空格隔开
deny: 设定禁止哪台或哪些主机访问,多个参数间用空格隔开
//测试
[root@nginx ~]# cd /usr/local/nginx/html/
[root@nginx html]# ls
50x.html index.html
[root@nginx html]# echo 'hello world' > index.html
[root@nginx html]# systemctl restart nginx
//虚拟机访问
[root@nginx html]# curl 192.168.111.141
hello world
访问测试
//修改配置文件
[root@nginx html]# cd ..
[root@nginx nginx]# vim conf/nginx.conf
location / {
allow 192.168.111.141; //只允许虚拟机访问
deny all;
root html;
index index.html index.htm;
}
[root@nginx nginx]# systemctl restart nginx
//虚拟机访问
[root@nginx nginx]# curl 192.168.111.141
hello world
访问测试
nginx用户认证
//安装httpd工具包
[root@nginx ~]# yum -y install httpd-tools
//修改配置文件
[root@nginx ~]# cd /usr/local/nginx/conf/
[root@nginx conf]# vim nginx.conf
location / {
root html;
index index.html index.htm;
}
location /abc {
auth_basic "ABC";
auth_basic_user_file "/usr/local/nginx/conf/.pass"; //密码位置
root html;
index index.html;
}
//生成用户密码
[root@nginx conf]# htpasswd -cm /usr/local/nginx/conf/.pass runtime
New password:
Re-type new password:
Adding password for user runtime
[root@nginx conf]# cat .pass
runtime:$apr1$nPzAshNM$nvmalzBcNQlagDB3ipABc1 //加密后的密码
[root@nginx conf]# systemctl restart nginx
直接访问
访问根下的abc
nginx配置https
证书申请及签署步骤
a) 生成申请请求 b) RA核验c) CA签署 d) 获取证书
//生成证书
[root@nginx ~]# cd /etc/pki/
[root@nginx pki]# mkdir CA
[root@nginx pki]# cd CA/
[root@nginx CA]# mkdir private
[root@nginx CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048) //括号必须要
Generating RSA private key, 2048 bit long modulus (2 primes)
........+++++
............................................................................+++++
e is 65537 (0x010001)
[root@nginx CA]# ls private/
cakey.pem
//CA生成自签署证书
[root@nginx CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN //国家
State or Province Name (full name) []:HB //省份
Locality Name (eg, city) [Default City]:WH //市
Organization Name (eg, company) [Default Company Ltd]:TX
Organizational Unit Name (eg, section) []:www.example.com //域名
Common Name (eg, your name or your server's hostname) []:www.example.com
Email Address []:1@2.com
[root@nginx CA]# mkdir certs newcerts crl
[root@nginx CA]# touch index.txt && echo 01 > serial
//生成密钥
[root@nginx CA]# cd /usr/local/nginx/conf/
[root@nginx conf]# mkdir ssl
[root@nginx conf]# cd ssl
[root@nginx ssl]# (umask 077;openssl genrsa -out nginx.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
..................................................+++++
..................................+++++
e is 65537 (0x010001)
//证书签署请求
[root@nginx ssl]# openssl req -new -key nginx.key -days 365 -out nginx.csr
Ignoring -days; not generating a certificate