Implementation example of nginx access control

About Nginx, a high-performance, lightweight web service software

High stability Low system resource consumption High processing capacity for concurrent HTTP connections
A single physical server can support 30,000 to 50,000 concurrent requests

environment

A Linux server (192.168.13.128)
A win10 test machine

1. Share the compressed software package required by LAMP on Windows (if you have any questions here, please see the previous blog related articles)

Second, use remote sharing on Linux to obtain files and mount them to the mnt directory

[root@localhost ~]# smbclient -L //192.168.100.3/ ##Remote share access Enter SAMBA\root's password: 

    Sharename Type Comment
    --------- ---- -------
    LAMP-C7 Disk  
[root@localhost ~]# mount.cifs //192.168.100.3/LAMP-C7 /mnt ##Mount to the /mnt directory

3. Compile and install Nginx

1. Unzip the source package to /opt and check

[root@localhost ~]# cd /mnt ##Switch to the mount point directory [root@localhost mnt]# ls
apr-1.6.2.tar.gz Discuz_X2.5_SC_UTF8.zip LAMP-php5.6.txt
apr-util-1.6.0.tar.gz error.png mysql-5.6.26.tar.gz
awstats-7.6.tar.gz httpd-2.4.29.tar.bz2 nginx-1.12.0.tar.gz
cronolog-1.6.2-14.el7.x86_64.rpm kali.jpg php-5.6.11.tar.bz2
[root@localhost mnt]# tar zxvf nginx-1.12.0.tar.gz -C /opt ##Unzip the Nginx source package to /opt [root@localhost mnt]# cd /opt/ ##Switch to the unzipped directory [root@localhost opt]# ls
nginx-1.12.0 rh

2. Install the environment component package required for compilation

[root@localhost opt]# yum -y install \
gcc \ //c language gcc-c++ \ //c++ language pcre-devel \ //pcre language tool zlib-devel //data compression library

3. Create program user nginx and compile Nginx

[root@localhost opt]# useradd -M -s /sbin/nologin nginx ##Create a program user, safe and unavailable for login [root@localhost opt]# id nginx
uid=1001(nginx) gid=1001(nginx) group=1001(nginx)
[root@localhost opt]# cd nginx-1.12.0/ ##Switch to the nginx directory [root@localhost nginx-1.12.0]# ./configure \ ##Configure nginx
> --prefix=/usr/local/nginx \ ##Installation path> --user=nginx \ ##User name> --group=nginx \ ##User group> --with-http_stub_status_module ##Status statistics module

4. Compile and install

[root@localhost nginx-1.12.0]# make ##Compile...
[root@localhost nginx-1.12.0]# make install ##Install...

5. Optimize the nginx startup script to facilitate system recognition

[root@localhost nginx]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ ##Create a soft link to let the system recognize the nginx startup script [root@localhost nginx]# nginx -t ##Check the syntax of the configuration file nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost nginx]# nginx ##Open ngnix
[root@localhost nginx]# netstat -ntap | grep 80 ##Check the port. nginx has opened tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 39620/nginx: master 
[root@localhost nginx]# systemctl stop firewalld.service ##Turn off the firewall [root@localhost nginx]# setenforce 0

6. Install the elinks web testing tool and perform testing

[root@localhost nginx]# yum install elinks -y ##Install elinks software [root@localhost nginx]# elinks http://localhost ##Test nginx web page

7. Service opening, reloading and closing

[root@localhost nginx]# killall -s QUIT nginx ##Stop or use killall -3 nginx
[root@localhost nginx]# killall -s HUP nginx ##Restart or use killall -1 nginx
[root@localhost nginx]# nginx ##Open

8. Create management scripts to facilitate service management

[root@localhost nginx]# killall -s QUIT nginx ##Stop or use killall -3 nginx
[root@localhost nginx]# killall -s HUP nginx ##Restart or use killall -1 nginx
[root@localhost nginx]# nginx ##Open

Nginx access status statistics

Enable HTTP_STUB_STATUS status statistics module
nginx -V can check whether the installed Nginx contains the statistics module

1. Modify the nginx configuration file

[root@localhost ~]# cd /usr/local/nginx/conf ##Switch to the configuration file directory [root@localhost conf]# vim nginx.conf ##Modify the Nginx configuration file server {
 listen 80;
 server_name www.kgc.com; ##Specify a domain name charset utf-8; ##Chinese character set #access_log logs/host.access.log main;

 location / {
  root html;
  index index.html index.htm;
 }
 location /status { ##Add status statistics stub_status on;
 access_log off;
 }

Second, install the DNS server for domain name resolution

1. Install bind service

[root@localhost conf]# yum install bind -y ##Install DNS service

2. Configure the main configuration file /etc/named.conf

 [root@localhost conf]# vim /etc/named.conf ##Main configuration file options {
    listen-on port 53 { any; }; ##Set the local machine to listen to all listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; }; ##Allow all

3. Configure the zone configuration file (etc/named.rfc1912.zones)

[root@localhost conf]# vim /etc/named.rfc1912.zones ##Configure the zone configuration file zone "localhost" IN { ##Copy the template to the following type master;
        file "named.localhost";
        allow-update { none; };
};

zone "kgc.com" IN { ##Change localhost to kgc.com
        type master;
        file "kgc.com.zone"; ##Create a zone data configuration file allow-update { none; };
};

4. Edit the zone data configuration file ( kgc.com.zone )

[root@localhost conf]# cd /var/named
[root@localhost named]# cp -p named.localhost kgc.com.zone 
##Copy the template as kgc.com.zone
[root@localhost named]# vim kgc.com.zone ##Edit the zone data configuration file $TTL 1D
@ IN SOA @ rname.invalid. (
                  0 ; serial
                  1D ; refresh
                  1H ; retry
                  1W ; expire
                  3H ) ; minimum
        NS@
        A 127.0.0.1
www IN A 192.168.13.128 ##Delete ipv6 and add domain name resolution address to this machine

5. Turn off the firewall and start the service

[root@localhost named]# systemctl start named ##Start DNS service [root@localhost named]# systemctl stop firewalld.service ##Close firewall [root@localhost named]# setenforce 0 ##Close enhanced function

6. Use the win10 test machine to test

Authorization-based access control

The configuration steps are basically the same as Apache

Generate user password authentication file, modify the main configuration file to the corresponding directory, add authentication configuration items, restart the service, and access the test

1. Modify the main configuration file

[root@localhost ~]# cd /usr/local/nginx/conf ##Switch to the configuration file directory [root@localhost conf]# vim nginx.conf ##Modify the Nginx configuration file location / {
  auth_basic "secret"; ##Verification type auth_basic_user_file /usr/local/nginx/passwd.db; ##Verification file path root html;
  index index.html index.htm;
 }

2. Install the httpd-tools toolkit and set the password authentication file

[root@localhost conf]# yum install httpd-tools -y ##Install tool package[root@localhost conf]# htpasswd -c /usr/local/nginx/passwd.db test ##Set password authentication fileNew password: ##Enter passwordRe-type new password: ##Confirm passwordAdding password for user test
[root@localhost conf]# cat /usr/local/nginx/passwd.db ##View password authentication file test:$apr1$LqqHZeX3$24E7/HeacTVRzKA7nvSgY/
[root@localhost conf]# service nginx stop ##Shut down the service [root@localhost conf]# service nginx start ##Start the service

3. Test using a Win10 test machine

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:

Implementing access control and connection restriction based on Nginx
Nginx access control and parameter tuning methods
A brief discussion on the implementation of Nginx request restriction and access control
Detailed explanation of Nginx anti-hotlinking, Nginx access control and Nginx parsing PHP configuration
Two methods of nginx access control

<<: Detailed tutorial on installing different (two) versions of MySQL database on Windows

>>: Vue3.0+vite2 implements dynamic asynchronous component lazy loading