nginx:
server{} : 虛擬主機
location [ = | ~ | ~* | ^~ ] URI {...} :
location URI {}:
對當前路徑及子路徑下的全部對象都生效
location = URI {}:
精確匹配指定的路徑,不包括子路徑,只對當前資源生效
location ~ | ~* URI {}:
使用正則表達式,~區分大小寫,~*不區分大小寫
location ^~ URI {}:
不使用正則表達式
優先級: = --> ^~ --> ~,~* --> " "
httpd:
基於本地文件路徑
<DocumentRoot "">
</DocumentRoot>
基於URI
<Location "/bbs">
</Location>
nginx.conf
worker_processes 2; #定義worker進程的個數
events {
worker_connections 1024;
} #定義每一個worker進程的最大鏈接數爲1024個
http {
include mime.types; #指定包含的文件
default_type application/octet-stream; #默認支持的類型
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on; #nagle算法
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on; #是否進行壓縮後再發送
# HTTP Server
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /var/www/html;
index index.html;
}
location = /bbs.html {
root /var/www/bbs;
allow 192.168.21.85;
deny all;
auth_basic "The authentication"
auth_basic_user_file /usr/local/nginx/.user
#建立用戶驗證文件
#[root@nginx html]# htpasswd -c -m /usr/local/nginx/.user hale
#New password:
#Re-type new password:
#Adding password for user hale
#增長一個用戶test
#[root@nginx html]# htpasswd -m /usr/local/nginx/.user test
}
#定義一個狀態檢測
location /status {
stub_status on;
access_log off;
allow 192.168.21.85;
deny all;
}
error_page 404 /404.html;
location = /404.html {
root html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# HTTPS server
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /var/ssl;
index index.html index.htm;
}
#建立SSL須要的證書CA
# [root@nginx ~]# mkdir /etc/nginx/ssl
# [root@nginx ~]# vim /etc/pki/tls/openssl.cnf #修改dir = /etc/pki/CA
# [root@nginx ~]# cd /etc/pki/CA/
# [root@nginx CA]# (umask 077; openssl genrsa 2048 > private/cakey.pem)
# [root@nginx CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
# [root@nginx CA]# echo 01 >serial
# [root@nginx CA]# touch index.txt
# [root@nginx CA]# ls
# [root@nginx CA]# cd /etc/nginx/ssl/
# [root@nginx ssl]# (umask 077; openssl genrsa 1024 > nginx.key)
# [root@nginx ssl]# openssl req -new -key nginx.key -out nginx.csr
# [root@nginx ssl]# openssl ca -in nginx.csr -out nginx.crt -days 3650
}
}html