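URL components
<scheme>://<user>:<password>@<host>:<port>/<path>;<params>?<query>#<frag>
scheme    which protocol to use when accessing the server to obtain the resource
user      the user name that some schemes require to access a resource
password  the password for that user, separated from the user name by :
host      the host name or IP address of the server hosting the resource
port      the port the hosting server is listening on; many schemes have a default port
path      the local name of the resource on the server, separated from the preceding URL components by a /
params    input parameters as name/value pairs; multiple parameters are separated by ;
query     passes parameters to a program such as a database; introduced by ?, with multiple queries separated by &
frag      the name of a piece or part of the resource; used on the client side and introduced by #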
Installing Nginx
vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx
baseurl=http://nginx.org/packages/rhel/9/x86_64
# gpgcheck=0 turns off package signature verification for this repository
gpgcheck=0
dnf install nginx -y
systemctl enable --now nginx.service
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
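Nginx global configuration
user nginx; # user the nginx processes run as
worker_processes auto; # number of worker processes to start
error_log /var/log/nginx/error.log notice; # error log
pid /var/run/nginx.pid; # pid file
events {
    worker_connections 1024; # maximum number of connections accepted per worker
}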
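http block configuration
http {
    include /etc/nginx/mime.types; # static resource types nginx can identify
    default_type application/octet-stream; # default MIME type Nginx uses when answering client requests
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main; # access log
    sendfile on; # whether the Nginx server uses sendfile() to transfer files
    #tcp_nopush on; # send once packets have accumulated to a certain size; by default once every 0.2s
    keepalive_timeout 65; # keep-alive connection timeout
    #gzip on; # compresses the site's static resources such as css, js, xml and html in transit
    include /etc/nginx/conf.d/*.conf; # sub-configuration files to load
}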
Sub-configuration file
/etc/nginx/conf.d/default.conf
server {
    listen 80; # listening port
    server_name localhost; # name of the server
    location / {
        root /usr/share/nginx/html; # default document root
        index index.html index.htm; # default index files
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html; # show an error page when a request fails
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
Nginx configuration
IP-based virtual hosts
ip addr add 172.25.254.111/24 dev ens160
ip addr add 172.25.254.222/24 dev ens160
mkdir -p /usr/share/nginx/vhostroot/{111,222}/html
echo 172.25.254.111 > /usr/share/nginx/vhostroot/111/html/index.html
echo 172.25.254.222 > /usr/share/nginx/vhostroot/222/html/index.html
vim vhost_ip.conf
server {
    listen 172.25.254.111:80;
    location / {
        # document root created with mkdir above
        root /usr/share/nginx/vhostroot/111/html;
        index index.html index.htm;
    }
}
server {
    listen 172.25.254.222:80;
    location / {
        root /usr/share/nginx/vhostroot/222/html;
        index index.html index.htm;
    }
}
curl 172.25.254.222
172.25.254.222
curl 172.25.254.111
172.25.254.111
Name-based virtual hosts
mkdir -p /usr/share/nginx/vhostroot/{bbs,news}/html
echo news.easylee.org > /usr/share/nginx/vhostroot/news/html/index.html
echo bbs.easylee.org > /usr/share/nginx/vhostroot/bbs/html/index.html
vim vhost_name.conf
server {
    listen 80;
    server_name bbs.carter.org;
    location / {
        root /usr/share/nginx/vhostroot/bbs/html;
        index index.html index.htm;
    }
}
server {
    listen 80;
    server_name news.carter.org;
    location / {
        # each name gets its own document root
        root /usr/share/nginx/vhostroot/news/html;
        index index.html index.htm;
    }
}
Test:
[root@localhost conf.d]# curl news.carter.org
news.easylee.org
[root@localhost conf.d]# curl bbs.carter.org
bbs.easylee.org
Local name resolution:
vim /etc/hosts
172.25.254.100 bbs.carter.org news.carter.org
Web server access control
mkdir -p /usr/share/nginx/vhostroot/bbs/html/admin
echo admin page > /usr/share/nginx/vhostroot/bbs/html/admin/index.html
vim vhost_name.conf
server {
    listen 80;
    root /usr/share/nginx/vhostroot/bbs/html;
    index index.html index.htm;
    server_name bbs.carter.org;
    location / {
    }
    location /admin/ {
        allow 172.25.254.100; # only this address may reach /admin/
        deny all;
    }
}
vim vhost_name.conf
server {
    listen 80;
    root /usr/share/nginx/vhostroot/bbs/html;
    index index.html index.htm;
    server_name bbs.carter.org;
    location / {
    }
    location /admin/ {
        auth_basic on; # the argument is the realm string shown in the login prompt
        auth_basic_user_file /etc/nginx/.htpasswd; # file holding the user names and password hashes
    }
}
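The two /admin/ rules above can be combined so that a request must come from the allowed address and also present valid credentials. This is an added example, not part of the original notes; the satisfy setting and the realm text are choices made here, and /etc/nginx/.htpasswd is assumed to exist already (for instance created with htpasswd from httpd-tools).

```nginx
server {
    listen 80;
    server_name bbs.carter.org;
    root /usr/share/nginx/vhostroot/bbs/html;
    index index.html index.htm;

    location / {
    }

    location /admin/ {
        # "all" requires every access check below to pass;
        # "any" would let either the address or the password suffice.
        satisfy all;

        # Check 1: source address (the address allowed in the notes above)
        allow 172.25.254.100;
        deny all;

        # Check 2: HTTP basic authentication
        auth_basic "bbs admin";                    # realm text is an assumption
        auth_basic_user_file /etc/nginx/.htpasswd; # must be readable by the nginx user
    }
}
```

Basic authentication sends the password base64-encoded on every request, so on port 80 it crosses the network in clear text; placing the same location in an HTTPS server block keeps it encrypted.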
Deploying HTTPS
mkdir -p /etc/nginx/certs
openssl req -newkey rsa:2048 -nodes -sha256 \
-keyout /etc/nginx/certs/carter.org.key -x509 -days 365 \
-out /etc/nginx/certs/carter.org.crt
--------------------------------------
Fill in the requested information at the prompts
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shannxi
Locality Name (eg, city) [Default City]:Xi'An
Organization Name (eg, company) [Default Company Ltd]:carter
Organizational Unit Name (eg, section) []:web
Common Name (eg, your name or your server's hostname) []:www.carter.org
Email Address []:carter@163.com
Configure nginx to enable HTTPS
mkdir /usr/share/nginx/vhostroot/login/html -p
echo login.carter.org > /usr/share/nginx/vhostroot/login/html/index.html
vim vhost_name.conf
server {
    listen 443 ssl;
    server_name login.carter.org;
    ssl_certificate /etc/nginx/certs/carter.org.crt;
    ssl_certificate_key /etc/nginx/certs/carter.org.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    location / {
        root /usr/share/nginx/vhostroot/login/html;
        index index.html index.htm;
    }
}
Forcing encrypted access
vim vhost_name.conf
server {
    listen 80;
    server_name login.carter.org;
    rewrite ^/(.*)$ https://login.carter.org/$1 permanent;
}
^/(.*)$    a regular expression that matches the whole request path (everything after the host name in the browser's address bar)
$1         when the address login.carter.org/xxx is rewritten, the xxx part is kept
permanent  the redirect is permanent (301)
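A tightened variant of the HTTPS virtual host and redirect above, as an added example that is not part of the original notes: it drops TLS 1.0 and 1.1, redirects with return, and sends an HSTS header. The session settings and the max-age value are assumptions chosen here.

```nginx
# Port 80: redirect only, never serve content in clear text
server {
    listen 80;
    server_name login.carter.org;
    # Fixed host name in the target, so the redirect never echoes a
    # client-supplied Host header; $request_uri keeps path and query string
    return 301 https://login.carter.org$request_uri;
}

server {
    listen 443 ssl;
    server_name login.carter.org;

    ssl_certificate     /etc/nginx/certs/carter.org.crt;
    ssl_certificate_key /etc/nginx/certs/carter.org.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer 1.2 and 1.3 only
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;   # same list as above; governs the TLS 1.2 suites
    ssl_prefer_server_ciphers on;

    # Session reuse without session tickets (values are assumptions)
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1h;
    ssl_session_tickets off;

    # Tell browsers to use HTTPS for this host for one year (assumed value)
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root /usr/share/nginx/vhostroot/login/html;
        index index.html index.htm;
    }
}
```

The certificate generated earlier carries the Common Name www.carter.org, so clients that verify host names will reject it for login.carter.org; browsers also disregard the HSTS header on a connection with certificate errors.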
Creating a PHP test page
mkdir -p /usr/share/nginx/html/php
vim /usr/share/nginx/html/php/index.php
<?php
phpinfo();
?>
Configuring the web server to serve PHP pages
server {
    listen 80;
    server_name localhost;
    location ~ \.php$ {
        root /usr/share/nginx/html/php;
        fastcgi_pass unix:/run/php-fpm/www.sock; # php-fpm listening socket
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # full path of the script php-fpm runs
        include fastcgi_params;
    }
}
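The PHP location above hands every URI ending in .php to php-fpm and publishes the phpinfo() output to any client. The variant below, an added example that is not part of the original notes, only forwards scripts that exist under the root and limits who can request them; the 127.0.0.1 allow rule is an assumption.

```nginx
server {
    listen 80;
    server_name localhost;
    root /usr/share/nginx/html/php;
    index index.php;

    location ~ \.php$ {
        # Return 404 from nginx when no such file exists under root,
        # so php-fpm is only ever asked to run real scripts
        try_files $uri =404;

        # phpinfo() lists versions, paths, loaded modules and environment
        # variables; restrict the test page to local requests (assumption)
        allow 127.0.0.1;
        deny all;

        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
```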