Nginx常用子產品
Nginx官方文檔:
https://nginx.org/en/docs/
1、目錄索引子產品
ngx_http_autoindex_module (适合建yum倉庫用)
# Example Configuration
location / {
autoindex on;
}
# Directives
Syntax(文法):autoindex on | off;
Default(預設):autoindex off;
Context(環境):http, server, location
如何配置:例如
0 ✓ 10:16:14 root@web01,172.16.1.7:~ # cd /etc/nginx/conf.d
0 ✓ 10:18:20 root@web01,172.16.1.7:/etc/nginx/conf.d # ll
total 4
-rw-r--r-- 1 root root 1072 May 24 23:33 default.conf
0 ✓ 10:18:21 root@web01,172.16.1.7:/etc/nginx/conf.d # vim xxx.conf 創個配置檔案
server {
listen 80;
server_name blog.xxx.com;
location / {
autoindex on; # <<----放進去
root /xxx1;
index index.html;
}
}
# ps:nginx預設會去xxx1目錄下去找index.html,如果找到了會交給下面index處理。沒找到的話走autoindex子產品
mkdir /xxx1 && cd /xxx1
cd xxx1
mkdir 1
mkdir 2
mkdir abc
systemctl start nginx ,打開網頁:
優化1:檔案大小展示,下點東西進xxx1
Syntax:autoindex_exact_size on | off;
Default:autoindex_exact_size on; (把這行放進去)
Context:http, server, location
location / {
autoindex on;
autoindex_exact_size off <<---放進去
root /xxx1;
index index.html;
}
優化2 顯示格式
Syntax: autoindex_format html | xml | json | jsonp; html有時顯示中文是亂碼,通過修改json形式可以看到中文
Default:autoindex_format html;
Context:http, server, location
例如:
server {
listen 80;
server_name blog.xxx.com;
location / {
autoindex on;
autoindex_exact_size off;
autoindex_format json; <<----換成json
root /xxx1;
}
}
優化3 顯示本地時間
Syntax:autoindex_localtime on | off;
Default:autoindex_localtime off;
Context:http, server, location
2、狀态監控子產品
ngx_http_stub_status_module
https://nginx.org/en/docs/http/ngx_http_stub_status_module.html
# Example Configuration
location = /basic_status {
stub_status;
}
# 例如:
server {
listen 80;
server_name blog.xxx.com;
location / {
autoindex on;
autoindex_exact_size off;
root /xxx1;
}
location = /basic_status { #<<------ 另起一層location
stub_status;
}
}
##### 各參數的解釋
Active connections # 目前活動的連接配接數
accepts # 目前的總連接配接數 of TCP
handled # 成功的連接配接數TCP
requests # 通過各終端通路的的http總請求數(每重新整理一次就+1)
Reading # 請求
Writing # 響應
Waiting # 等待的請求數,開啟了keepalive
# ps: 長格式:一次TCP的連接配接,可以發起多次http的請求, 如下參數可配置進行驗證
keepalive_timeout 65; # 65s沒有活動則斷開連接配接
keepalive_timeout 0; # 類似于關閉長連接配接
實驗:用linux伺服器通路nginx頁面(web02用curl通路頁面)
# 先把配置改一下
server {
listen 80;
server_name 10.0.0.7; # <<-----改成10.0.0.7,因為web02裡沒有做域名解析
location / {
autoindex on;
autoindex_exact_size off;
root /xxx1;
}
location = /basic_status {
stub_status;
}
}
# 連接配接
0 ✓ 11:11:15 root@web02,172.16.1.8:~ # curl -s 10.0.0.7/basic_status (-s 顯示靜态)
Active connections: 3
server accepts handled requests
23 23 38
Reading: 0 Writing: 1 Waiting: 2
0 ✓ 11:12:18 root@web02,172.16.1.8:~ # curl -s 10.0.0.7/basic_status | awk 'NR==3 {print $1}'
24
0 ✓ 11:14:29 root@web02,172.16.1.8:~ # curl -s 10.0.0.7/basic_status | awk 'NR==3 {print $1}'
25
3、通路控制子產品
ngx_http_access_module
# Example Configuration
location / {
deny 192.168.1.1;
allow 192.168.1.0/24;
allow 10.1.1.0/16;
allow 2001:0db8::/32;
deny all;
}
# 允許配置文法
Syntax: allow address | CIDR | unix: | all;
Default: —
Context: http, server, location, limit_except
# 拒絕配置文法
Syntax:deny address | CIDR | unix: | all;
Default:—
Context:http, server, location, limit_except
預設是allow all
4、通路認證子產品
ngx_http_auth_basic_module
https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
# 配置示例格式
location / {
auth_basic "closed site"; (密碼輸錯會顯示的資訊,比如密碼提示)
auth_basic_user_file conf/htpasswd;
}
# 說明
1、配到哪一層,進哪一層就要輸密碼
2、通常和auth_basic配合使用的工具是htpasswd,該工具來源于httpd-tools包,主要用于生成使用者及其密碼加密檔案
實操舉例:
# 安裝htpasswd
yum install -y httpd
# 在/etc/nginx下建立auth目錄,把密碼都放這
root@web01,172.16.1.7:/etc/nginx # mkdir auth
# 執行指令生成秘鑰檔案
htpasswd -bc /etc/nginx/auth/xxx_auth xxx 123
-b 允許指令輸入密碼
-c 建立一個新檔案,将使用者名和密碼儲存到檔案中
0 ✓ 21:00:11 root@web01,172.16.1.7:/etc/nginx/auth # cat xxx_auth
xxx:$apr1$0PjJZR1K$ZYD9kukcrNzMIfTAa9y3x.
# 修改xxx.conf配置檔案
0 ✓ 21:08:08 root@web01,172.16.1.7:/etc/nginx/conf.d # vim xxx.conf
server {
listen 80;
server_name blog.xxx.com;
location / {
autoindex on;
autoindex_exact_size off;
root /xxx1;
}
location = /basic_status {
stub_status;
auth_basic "closed site"; # <<--------配在這一層,進監控子產品時便需密碼
auth_basic_user_file /etc/nginx/auth/xxx_auth;
}
}
# 儲存退出 重載Nginx,再打開網頁便需輸入密碼,輸入xxx和123可進入
http://blog.xxx.com/basic_status