配置基本认证:给网站目录加 “密码锁”
基本认证就像给你的私人储物柜加了一把锁,只有输入正确的用户名和密码才能打开。这在需要限制访问的场景(如后台管理页)非常有用。
#安装htpasswd工具(生成密码文件的工具)
[root@server ~ 09:21:54]# yum -y install httpd-tools
#配置 Nginx 的密码保护规则
[root@server ~ 09:22:11]# vim /etc/nginx/conf.d/ssl.conf
=============================================================================
server {
location /auth-basic/ {# 对/auth-basic/目录启用保护
auth_basic "Basic Auth";# 弹出的密码框提示文字(相当于锁上的提示:“请输入密码”)
auth_basic_user_file "/etc/nginx/.htpasswd";# 密码文件路径(钥匙对应的密码本)
}
}
=============================================================================
[root@server ~ 09:26:15]# systemctl restart nginx
#生成密码文件
[root@server ~ 09:26:26]# htpasswd -c /etc/nginx/.htpasswd lyk
New password:
Re-type new password:
Adding password for user lyk
#创建测试目录和页面
[root@server ~ 09:26:41]# mkdir /usr/share/nginx/html/auth-basic
[root@server ~ 09:26:51]# vim /usr/share/nginx/html/auth-basic/index.html
=============================================================================
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
=============================================================================
#vim添加地址才能crul , 配置域名映射(避免访问失败)
[root@server nginx 09:48:09]# vim /etc/hosts
10.1.8.10 www.lyk.cloud
# 测试密码保护效果
[root@server nginx 09:46:41]# curl http://www.lyk.cloud/auth-basic/
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
支持动态脚本
静态内容(HTML、图片)Nginx 能直接处理,但动态内容(PHP 脚本)需要 “后厨”(PHP 解释器)处理。这一步是让 Nginx 和 PHP 配合工作。
[root@server ~ 10:09:51]# yum install -y php php-fpm
[root@server ~ 10:10:14]# yum install -y php-gd php-common php-pear php-mbstring php-mcrypt
#测试 PHP 是否能正常工作
[root@server ~ 10:10:32]# php -v
[root@server ~ 10:25:48]# echo "<?php echo 'PHP Test Page'.\"\n\"; ?>" > php_test.php
[root@server ~ 10:26:03]# php php_test.php
PHP Test Page
#创建 Web 可访问的 PHP 页面
[root@server ~ 10:26:08]# echo "<?php phpinfo(); ?>" > /usr/share/nginx/html/info.php
-作用:把 PHP 脚本放到 Nginx 的网页目录,让用户能通过浏览器访问。
[root@server ~ 10:26:46]# vim /etc/nginx/nginx.conf
=============================================================================
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
=============================================================================
#显示下载文件错误
[root@server ~ 10:28:45]# curl http://www.lyk.cloud/info.php
<?php phpinfo(); ?>
# 修复 “下载文件” 错误
[root@server ~ 10:54:31]# vim /etc/nginx/nginx.conf
=============================================================================
#vim添加地址:
server_name www.lyk.cloud;
=============================================================================
[root@server ~ 10:36:57]# systemctl status php-fpm
[root@server ~ 10:36:57]# systemctl enable php-fpm
[root@server ~ 10:41:02]# systemctl restart nginx
#显示网页正确
[root@server ~ 10:54:31]# curl http://www.lyk.cloud/info.php
Tomcat 部署(java)
#安装 Tomcat 和验证 Java 环境
[root@server webapps 11:15:13]# yum install -y tomcat
[root@server ~ 11:10:10]# java -version
openjdk version "1.8.0_412"
[root@server ~ 11:10:22]# systemctl enable --now tomcat.service
Created symlink from /etc/systemd/system/multi-user.target.wants/tomcat.service to /usr/lib/systemd/system/tomcat.service.
#创建 JSP 测试页面
[root@server ~ 11:10:26]# cd /var/lib/tomcat/webapps/
[root@server webapps 11:13:13]# mkdir test
[root@server webapps 11:13:20]# vim test/index.jsp
=============================================================================
<html>
<head>
<title>第一个 JSP 程序</title>
</head>
<body>
<%
out.println("Hello World!");
%>
</body>
</html>
=============================================================================
#测试 Tomcat 是否工作
[root@server webapps 11:14:33]# curl http://www.lyk.cloud:8080/test/index.jsp
=============================================================================
<html>
<head>
<title>第一个 JSP 程序</title>
</head>
<body>
Hello World!
</body>
</html>
=============================================================================
Ngnix+Tomcat动静分离
动静分离是让 Nginx 处理静态内容(HTML、图片),Tomcat 处理动态内容(JSP),提高效率(就像前台直接给现成小吃,复杂菜品交给专门后厨)。
server 作为tomcat 服务器(Java 后厨,处理动态内容)
client 作为nginx反向代理(前台,转发请求 + 处理静态内容)
#在 client(Nginx 服务器)安装 Nginx
[root@client ~ 11:28:47]# yum install -y nginx
#配置 Nginx 反向代理 Tomcat
[root@client ~ 11:28:47]# vim /etc/nginx/nginx.conf
upstream tomcat {
server www.lyk.cloud:8080;# Tomcat服务器的地址和端口(Java后厨的位置)
}
server {# 在server块中添加动态请求转发规则
......
location /tomcat/ {# 访问/tomcat/路径时
proxy_pass http://tomcat/;# 转发给upstream定义的Tomcat服务器(把订单转给Java后厨)
}
}
#配置域名映射(让 client 认识 Tomcat 服务器)
[root@client ~ 11:33:56]# vim /etc/hosts
10.1.8.10 www.lyk.cloud www
upstream tomcat {
server 10.1.8.10:8080;
}
x.
[root@client ~ 11:40:10]# systemctl restart nginx.service
# 创建静态内容目录(前台自己处理的内容)
[root@client ~ 11:40:22]# mkdir /usr/share/nginx/html/web1
[root@client ~ 11:42:15]# mkdir /usr/share/nginx/html/web2
[root@client ~ 11:41:19]# echo hello w111 > /usr/share/nginx/html/web1/index.html
[root@client ~ 11:41:59]# echo hello w222 > /usr/share/nginx/html/web2/index.html
[root@client ~ 11:42:20]# systemctl restart nginx.service
效果:静态内容由 Nginx 快速返回,动态内容由 Tomcat 处理后返回,分工明确效率高
#测试动静分离效果 http://www.lyk.cloud http://www.lyk.cloud/web1 http://www.lyk.cloud/tomcat/test/index.jsp