13_搭建Nginx服务器、配置网页认证、基于域名的虚拟主机、ssl虚拟主机

官方yum源：
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

pc7
1. 安装nginx
]# yum -y install nginx
]# nginx
]# nginx -V
nginx version: nginx/1.16.1
]# netstat -anptu | grep nginx
]# curl http://10.10.11.10

物理机：
firefox http://10.10.11.10/

2. 配置用户认证
]# cd /etc/nginx/conf.d
conf.d]# cp -p default.conf default.conf.bak
conf.d]# vim default.conf
...
server_name  localhost;
     auth_basic "Input Password";
     auth_basic_user_file "/usr/local/nginx/pass";
...
conf.d]# yum -y install httpd-tools
conf.d]# htpasswd -c /etc/nginx/conf.d/pass tom1
conf.d]# htpasswd /etc/nginx/conf.d/pass tom2    # 追加用户，不使用-c选项
conf.d]# cat /etc/nginx/conf.d/pass
tom1:$apr1$UL9KCacj$OieKdhwxB6QXk48g8aq80/
tom2:$apr1$BLccaaL7$sVlr9y7YfGVaDQEGWNI5s1
conf.d]# nginx -s reload

物理机测试：
]# firefox http://10.10.11.10
(要输入账户、密码,注意清除浏览器缓存)

3. 基于域名的虚拟主机
conf.d]# vim default.conf
www.a.com 配置了用户认证
server {
    listen       80;
    server_name  www.a.com;
    auth_basic "Input Password";
    auth_basic_user_file "/usr/local/nginx/pass";
       
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
 
www.b.com 未配置用户认证
server {
    listen       80;
    server_name  www.b.com;
 
    location / {
        root   /usr/share/nginx/www;
        index  index.html index.htm;
    }
]# mkdir /usr/local/nginx/www
]# echo "www" > /usr/local/nginx/www/index.html
]# nginx -s reload

物理机测试：
]# vim /etc/hosts
10.10.11.10 www.a.com www.b.com
]# firefox http://www.a.com (输入用户名，密码访问）
]# firefox http://www.b.com ;

4.SSL虚拟主机
]# cd /etc/nginx/
nginx]# openssl genrsa > cert.key //生成私钥
nginx# openssl req -new -x509 -key cert.key > cert.pem # 生成证书
nginx]# ls
cert.key  cert.pem ...
nginx]# vim conf.d/default.conf
 server {
    listen       443 ssl;            # 要改
    server_name  www.b.com;
 
    ssl_certificate      cert.pem;
    ssl_certificate_key  cert.key;
 
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
 
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
 
    location / {
        root   /usr/share/nginx/www;
        index  index.html index.htm;
        }
    }
]# nginx -s reload

物理机访问:
]# vim /etc/hosts
10.10.11.10 www.a.com  www.b.com
]# firefox https://www.b.com     #信任证书后可以访问