您当前的位置: 首页 > 学无止境 > 心得笔记 网站首页心得笔记
配置nginx做为webServer详解
发布时间:2019-06-30 17:10:03编辑:雪饮阅读()
按访客ip进行限制访问
location /bbs {
root html/web;
index index.html;
deny 192.168.2.155;
}
基于用户的访问权限
(1)安装apache,然后使用apache的一个命令建立账号文件
[root@localhost nginx-1.4.1]# htpasswd -c -m /etc/nginx/.users tom
New password:
Re-type new password:
Adding password for user tom
[root@localhost nginx-1.4.1]# htpasswd -m /etc/nginx/.users jerry
New password:
Re-type new password:
Adding password for user jerry
注意,该命令第一次执行时需要-c参数,第二次执行时则不需要。-m参数是加密方式为md5
(2)配置nginx
location /bbs {
root html/web;
index index.html;
auth_basic 'restricted area...';
auth_basic_user_file /etc/nginx/.users;
}
搭建https
搭建ca机构
自签证书-ca私钥
[root@localhost CA]# (umask 077; openssl genrsa 2048 > private/cakey.pem)
Generating RSA private key, 2048 bit long modulus
.......+++
.....................................................................................+++
e is 65537 (0x10001)
自签-ca证书
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HN
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:Tech
Common Name (eg, your name or your server's hostname) []:ca.magedu.com
Email Address []:caadmin@magedu.com
自签ca初始化
[root@localhost CA]# touch serial
[root@localhost CA]# echo 01 > serial
[root@localhost CA]# touch index.txt
向ca请求证书签署
[root@localhost etc]# cd /etc/nginx/ssl/
[root@localhost ssl]# (umask 077;openssl genrsa 1024 > nginx.key)
Generating RSA private key, 1024 bit long modulus
...++++++
..++++++
e is 65537 (0x10001)
[root@localhost ssl]# openssl req -new -key nginx.key -out nginx.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HN
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:Tech
Common Name (eg, your name or your server's hostname) []:www.magedu.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
ca签署证书
[root@localhost ssl]# openssl ca -in nginx.csr -out nginx.crt -days 3650
关键字词:nginx,ip限制,用户访问权限,auth,https