部署nginx虚拟主机及SSL虚拟主机

1、安装nginx

上传nginx安装包

[root@web1 lnmp_soft]# yum -y install gcc pcre-devel openssl-devel   //安装依赖包
[root@web1 lnmp_soft]# useradd -s /sbin/nologin nginx
[root@web1 lnmp_soft]# tar -xf nginx-1.12.2.tar.gz
[root@web1 lnmp_soft]# cd nginx-1.12.2
[root@web1 nginx-1.12.2]# ls
auto  CHANGES  CHANGES.ru  conf  configure  contrib  html  LICENSE  man  README  src
//编译安装
[root@web1 nginx-1.12.2]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module         //开启SSL加密功能
[root@web1 nginx-1.12.2]# make && make install
 //开启服务
[root@web1 nginx-1.12.2]# /usr/local/nginx/sbin/nginx

2、用户认证

[root@web1 conf]# vim /usr/local/nginx/conf/nginx.conf  
server {
        listen       80;
        server_name  localhost;

        auth_basic "Input Password:";        //认证提示符信息
        auth_basic_user_file "/usr/local/nginx/pass";    //认证的密码文件

[root@web1 nginx-1.12.2]# yum -y install httpd-tools
//创建密码文件
[root@web1 nginx-1.12.2]# htpasswd -c /usr/local/nginx/pass tom
New password:
Re-type new password:
Adding password for user tom
//重启服务
[root@web1 nginx-1.12.2]# /usr/local/nginx/sbin/nginx -s reload

测试：访问主机网页需要输入用户名密码才能使用

3、虚拟主机

虚拟主机：基于域名、基于IP、基于端口的虚拟主机

基于域名：

[root@web1 conf]# vim /usr/local/nginx/conf/nginx.conf
   server {
        listen       80;             //端口
        server_name  www.a.com;        //域名


        auth_basic "Input Password:";        
        auth_basic_user_file "/usr/local/nginx/pass";    
        location / {
            root   html;        //网页根路径
            index  index.html index.htm;    //首页文档

        }
     
   server {
                listen 80;
                server_name www.b.com;
         location / {
                 root www;
                 index index.html index.htm;
}
}

基于IP

[root@web1 conf]# vim /usr/local/nginx/conf/nginx.conf
   server {
        listen       192.168.10.100:80;
        server_name  www.a.com;


        auth_basic "Input Password:";
        auth_basic_user_file "/usr/local/nginx/pass";

        location / {
            root   html;
            index  index.html index.htm;
        }
     
   server {
                listen 192.168.10.200:80;
                server_name www.b.com;
         location / {
                 root www;
                 index index.html index.htm;
}
}

基于端口

[root@web1 conf]# vim /usr/local/nginx/conf/nginx.conf
server {
                listen 80;
                server_name www.b.com;
         location / {
                 root www;
                 index index.html index.htm;
}
}
server {
                listen 8080;
                server_name www.c.com;
         location / {
                 root wwww;
                 index index.html index.htm;
}
}

修改客户端主机host文件进行域名解析

[root@web1 conf]# vim /etc/hosts
192.168.10.7 www.a.com www.b.com

4、SSL虚拟主机

加密算法：

对称加密：AES、DES，主要应用在单机数据加密

非对称加密：RSA、DSA，应用于网络数据加密

信息摘要：MD5、sha256，应用数据完整性校验

生成私钥和证书

[root@web1 nginx-1.12.2]# cd /usr/local/nginx/conf/
//生成私钥
[root@web1 conf]# openssl genrsa > cert.key
//生成证书
[root@web1 conf]# openssl req -new -x509 -key cert.key > cert.pem

配置nginx文件

[root@web1 conf]# vim /usr/local/nginx/conf/nginx.conf   
 server {
        listen       443 ssl;
        server_name  localhost;

        ssl_certificate      cert.pem;
        ssl_certificate_key  cert.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }

客户端验证

curl https://192.168.10.7

总结