Nginx Web Services: basic services and access control

Nginx brief introduction

Nginx is a high-performance, lightweight web service software with high stability, low system resource consumption and high processing capacity for HTTP concurrent connection (a single physical server can support 30000-50000 concurrent requests).

Nginx common commands

nginx -t check configuration file syntax
 Nginx start nginx service
 Kill - 3 nginx stop nginx service
 Kill - s quit nginx stop nginx service
 Kill - s HUP nginx reload nginx service
 Kill - 1 nginx reload nginx service

Experimental environment

1. Basic source package (no password): https://pan.baidu.com/s/14WvcmNMC6CFX1SnjHxE7JQ
2.CentOS 7 Linux virtual machine

Experimental steps

Step 1: get the source package on Windows remotely and mount it on Linux

[root@localhost ~]# smbclient -L //192.168.235.1
Enter SAMBA\root's password: 
Sharename       Type      Comment
---------       ----      -------
LNMP            Disk  

[root@localhost ~]# mkdir /abc
[root@localhost ~]# mount.cifs //192.168.235.1/LNMP /abc
Password for root@//192.168.235.1/LNMP:  
[root@localhost ~]# ls /abc
Discuz_X3.4_SC_UTF8.zip    nginx-1.12.0.tar.gz  php-7.1.10.tar.bz2
mysql-boost-5.7.20.tar.gz  nginx-1.12.2.tar.gz  php-7.1.20.tar.gz

Step 2: decompress the source package

[root@localhost ~]# cd /abc
[root@localhost abc]# tar zxvf nginx-1.12.0.tar.gz -C /opt
[root@localhost abc]# ls /opt
nginx-1.12.0  rh

Step 3: Download and install the compiled component package

[root@localhost abc]# cd /opt
[root@localhost opt]# yum install -y \
> gcc \             //C language
> gcc-c++ \         //c++ language
> pcre-devel \      //pcre language tools
> zlib-devel        //Compress function library

Step 4: create program users and configure related components of Nginx service

[root@localhost opt]# useradd -M -s /sbin/nologin nginx
//Create program user nginx and restrict it to not log in terminal
[root@localhost opt]# cd nginx-1.12.0/
[root@localhost nginx-1.12.0]# ./configure \            
//Configure nginx
> --prefix=//usr/local/nginx \      
//Specify installation path                        
> --user=nginx \
//Specify user name
> --group=nginx \
//Specify the group to which the user belongs
> --with-http_stub_status_module
//Installation status statistics module

Step 5: compile and install Nginx

[root@localhost nginx-1.12.0]# make && make install

Step 6: optimize the startup script of Nginx service and establish command soft connection

[root@localhost nginx-1.12.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ 
//Create nginx service command soft link to system command
[root@localhost nginx-1.12.0]# systemctl stop firewalld.service 
//Turn off firewall
[root@localhost nginx-1.12.0]# setenforce 0
//Turn off enhanced security
[root@localhost nginx-1.12.0]# nginx 
//Enter nginx to start the service
[root@localhost nginx-1.12.0]# netstat -ntap | grep 80 / / check port 80 of the service, and it is shown that it is enabled
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      7520/nginx: master  

Step 7: use the browser to visit 192.168.235.158 to access the homepage of Nginx service

Step 8: make service management script

[root@localhost nginx-1.12.0]# cd /etc/init.d/
//Cut into the startup profile directory

#!/bin/bash
# chkconfig: - 99 20                                    
##Annotation information
# description: Nginx Service Control Script
PROG="/usr/local/nginx/sbin/nginx"           
##Set variable to nginx command file
PIDF="/usr/local/nginx/logs/nginx.pid"       
##Set the variable PID file process number to 5346
case "$1" in  
    start)
        $PROG                                              ##Opening service
        ;;
    stop)
        kill -s QUIT $(cat $PIDF)                   ##Shut down service
        ;;
    restart)                                                  ##Restart service
        $0 stop
        $0 start
        ;;
    reload)                                                  ##Heavy load service
        kill -s HUP $(cat $PIDF)
        ;;
    *)                                                          ##Error input prompt
                echo "Usage: $0 {start|stop|restart|reload}"
                exit 1
esac
exit 0

[root@localhost init.d]# chmod +x nginx    
//Grant nginx execution permission
[root@localhost init.d]# chkconfig --add nginx    
//Add nginx to the service manager
[root@localhost init.d]# service nginx stop               
//Using service to control nginx service stop
[root@localhost init.d]# service nginx start
//Using service to control the startup of nginx service

Access status statistics of Nginx

Enable HTTP stub status statistics module
● add -- with HTTP "stub status module when configuring compilation parameters
(we have installed the statistics module along with you.)
● nginx -V check whether the installed Nginx contains HTTP stub status module

Step 1: modify the Nginx.conf configuration file

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
//Edit the Nginx.conf configuration file
 35     server {
 36         listen       80;
 37         server_name  www.bdqn.com;
//Specify the domain name on line 37
 39         charset utf-8;
//Change line 39 to support UTF-8 (Chinese character set)

 43         location / {
 44             root   html;
 45             index  index.html index.htm;
 46         }
//Add status statistics parameter under line 46
         location /status {
              stub_status on;
              ##Statistics module on
              access_log off;
              ##Access log off
          }     

Step 2: install and configure DNS Service

[root@localhost ~]# yum -y install bind
//Install the bind package for DNS Service
[root@localhost ~]# vim /etc/named.conf 
//Edit Master profile

options {
        listen-on port 53 { any; };
        ##Replace the listening address 127.0.0.1 with any,
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };
        ##Replace authorized localhost with any

[root@localhost ~]# vim /etc/named.rfc1912.zones 
//Edit zone profile

zone "bdqn.com" IN {        type master;
##Replace localhost with the domain name bdqn.com
        file "bdqn.com.zone";
        ##Specify the zone data configuration file bdqn.com.zone
        allow-update { none; };
};      

[root@localhost ~]# cd /var/named
[root@localhost named]# cp -p named.localhost bdqn.com.zone   
//The template of replication area data profile is bdqn.com.zone
[root@localhost named]# vim bdqn.com.zone 
//Edit area data profile
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
www IN  A       192.168.235.158
##Delete the contents of the original last line and add the domain name resolution address as the local address

[root@localhost named]# systemctl start named   
//Start dns Service
[root@localhost named]# systemctl stop firewalld.service    
//Turn off firewall
[root@localhost named]# setenforce 0   
//Turn off enhanced security

Step 3: turn on the virtual machine test access status statistics of a WIndows system

Nginx access control authorization

1. Generate user password authentication file
2. Modify the main configuration file to the corresponding directory, and add the authentication configuration item
3. Restart service, access test

Step 1: modify the Nginx.conf configuration file

[root@localhost named]# vim /usr/local/nginx/conf/nginx.conf
//Edit the Nginx.conf configuration file

       location / {
                auth_basic "secret";
                ##Verification type is secret
                auth_basic_user_file /usr/local/nginx/passwd.db;
                ##Indicate validation file path
            root   html;
            index  index.html index.htm;
        }

Step 2: install httpd tools toolkit and specify user name and password

[root@localhost named]# yum install httpd-tools -y
//Install httpd tools Toolkit
[root@localhost named]# htpasswd -c /usr/local/nginx/passwd.db test  
##Create test user password authentication file
New password: 
##Input password
Re-type new password: 
##Confirm password
Adding password for user test
[root@localhost named]# cat /usr/local/nginx/passwd.db
##View password file information
test:$apr1$mOje4UYz$BvRBABTcQB9XRG0SCCToZ1
[root@localhost named]# killall -1 nginx
//Overloading nginx services

Step 3: use the tester to verify the access control authorization effect

The above is all the content of this Nginx website service, thank you for reading!!!

Tags: Linux Nginx vim yum DNS

Posted on Mon, 04 Nov 2019 16:40:09 -0800 by solus