环境:centos6u3

1、安装nginx

(1)上传nginx

nginx-1.14.0.tar.gz。可以从nginx官网下载http://nginx.org/en/download.html

(2)解压

tar zxvf nginx-1.14.0.tar.gz

(3)安装依赖包:

yum install gcc gcc-c++ glibc automake pcre zlip zlib-devel openssl-devel pcre-devel wget lrzsz

(4)配置账号:

groupadd www
useradd -s /sbin/nologin -g www -M www

(5)编译、安装

cd nginx-1.14.
./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module
make
make install

(6)配置service
vim /etc/init.d/nginx

#!/bin/bash
# nginx Startup script for the Nginx HTTP Server
# it is v.0.0. version.
# chkconfig: -
# description: Nginx is a high-performance web and proxy server.
# It has a lot of features, but it's not for everyone.
# processname: nginx
# pidfile: /var/run/nginx.pid
# config: /usr/local/nginx/conf/nginx.conf
nginxd=/usr/local/nginx/sbin/nginx
nginx_config=/usr/local/nginx/conf/nginx.conf
nginx_pid=/var/run/nginx.pid
RETVAL=
prog="nginx"
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit
[ -x $nginxd ] || exit
# Start nginx daemons functions.
start() {
if [ -e $nginx_pid ];then
echo "nginx already running...."
exit
fi
echo -n $"Starting $prog: "
daemon $nginxd -c ${nginx_config}
RETVAL=$?
echo
[ $RETVAL = ] && touch /var/lock/subsys/nginx
return $RETVAL
}
# Stop nginx daemons functions.
stop() {
echo -n $"Stopping $prog: "
killproc $nginxd
RETVAL=$?
echo
[ $RETVAL = ] && rm -f /var/lock/subsys/nginx /var/run/nginx.pid
}
# reload nginx service functions.
reload() {
echo -n $"Reloading $prog: "
#kill -HUP `cat ${nginx_pid}`
killproc $nginxd -HUP
RETVAL=$?
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
status)
status $prog
RETVAL=$?
;;
*)
echo $"Usage: $prog {start|stop|restart|reload|status|help}"
exit
esac
exit $RETVAL

2、配置反向代理

vim /usr/local/nginx/conf/nginx.conf

#user  nobody;
worker_processes ; #error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info; #pid logs/nginx.pid; events {
worker_connections ;
} http {
include mime.types;
default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on;
#tcp_nopush on; #keepalive_timeout ;
keepalive_timeout ; #gzip on; server {
listen ;
server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / {
root html;
index index.html index.htm;
} location /public/ {
proxy_pass http://ip:port/;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size ;
proxy_connect_timeout ;
proxy_send_timeout ;
proxy_read_timeout ;
proxy_buffer_size 64m;
proxy_buffers 64m;
proxy_busy_buffers_size 64m;
proxy_temp_file_write_size 64m;
} location /user/checkauth {
proxy_pass http://ip:port/user/checkbotpageauth;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
} location /url/ {
proxy_pass http://ip:port/url/;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size ;
proxy_connect_timeout ;
proxy_send_timeout ;
proxy_read_timeout ;
proxy_buffer_size 256m;
proxy_buffers 256m;
proxy_busy_buffers_size 256m;
proxy_temp_file_write_size 256m; auth_request /user/checkauth;
} #error_page /.html; # redirect server error pages to the static page /50x.html
#
error_page /50x.html;
location = /50x.html {
root html;
} # proxy the PHP scripts to Apache listening on 127.0.0.1:
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#} # deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
} # another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen ;
# listen somename:;
# server_name somename alias another.alias; # location / {
# root html;
# index index.html index.htm;
# }
#} # HTTPS server
#
#server {
# listen ssl;
# server_name localhost; # ssl_certificate cert.pem;
# ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on; # location / {
# root html;
# index index.html index.htm;
# }
#} }

注意,其中ip、port需要替换为具体ip、端口,/public、/url、/user/checkauth等为示例地址,需要根据具体情况修改。/user/checkauth接口,通过session判断是否有权限,没有权限返回http code 403,有权限返回200

3、主页自动跳转

vim /usr/local/nginx/html/index.html

<html>
<head>
<title>欢迎</title>
<meta http-equiv="refresh" content="0;url=/public/">
</head>
<body>
<h1>正在跳转。。。</h1>
</body>
</html>

4、启动nginx

service nginx start

使用nginx配置带有权限验证的反向代理的更多相关文章

  1. debian+nginx配置初探--php环境、反向代理和负载均衡

    配置nginx的PHP环境 安装nginx sudo apt-get install nginx 安装nginx就可以通过下面地址来访问了:http://localhost/ 安装php sudo a ...

  2. NETCore使用带有权限验证的Swagger

    原文:NETCore使用带有权限验证的Swagger 文章目录 Swagger 什么是Swagger NuGet安装 Startup注册Swagger 设置默认首页打开Swagger 为接口添加注释 ...

  3. nginx配置https双向验证(ca机构证书+自签证书)

    nginx配置https双向验证 服务端验证(ca机构证书) 客户端验证(服务器自签证书) 本文用的阿里云签发的免费证书实验,下载nginx安装ssl,文件夹有两个文件 这两个文件用于做服务器http ...

  4. Nginx二级域名及多Server反向代理配置

    Nginx强大的正则表达式支持,可以使server_name的配置变得很灵活,如果你要做多用户博客,那么每个用户拥有自己的二级域名也就很容易实现了. 注:nginx反向代理同一ip多个域名,给head ...

  5. nginx配置ssl双向验证 nginx https ssl证书配置

    1.安装nginx 参考<nginx安装>:http://www.ttlsa.com/nginx/nginx-install-on-linux/ 如果你想在单IP/服务器上配置多个http ...

  6. nginx的https和http共存反向代理配置

    一.设置http反向代理: upstream ly.com { server ; server ; } upstream home.ly.com { server ; server ; } 对应增加: ...

  7. Nginx配置访问权限

    基于IP配置Nginx的访问权限 Nginx配置通过两种途径支持基本访问权限的控制,其中一种是由HTTP标准模块ngx_http_access_module支持的,通过IP来判断客户端是否拥有对Ngi ...

  8. nginx -stream(tcp连接)反向代理配置 实现代理mysql以及文件上传

    原文链接:https://blog.csdn.net/Activity_Time/article/details/95767390 1. stream模块安装 nginx默认安装的时候无法加载流str ...

  9. aProxy: 带认证授权和权限控制的反向代理

    前段时间很多数据库因为没有做好权限控制暴露在外网被删然后遭勒索的事件,而类似的有些内网的web服务也会被开放到公网并且没有做任何权限控制的,这样也会有一定的风险.所以就决定写篇文章简单介绍一个小工具. ...

随机推荐

  1. PageHelper分页(十)

    分页有两种: (1) 物理分页:物理分页依赖的是某一物理实体,这个物理实体就是数据库,比如MySQL数据库提供了limit关键字,程序员只需要编写带有limit关键字的SQL语句,数据库返回的就是分页 ...

  2. 剑指Offer-14.链表中倒数第k个结点(C++/Java)

    题目: 输入一个链表,输出该链表中倒数第k个结点. 分析: 第一个解法,我们可以先遍历一遍链表,计算下节点的总数n,然后再从头结点查n-k个节点,即是倒数第k个节点. 第二个解法,便是使用双指针,两个 ...

  3. eclipse创建git本地仓库,并将本地仓库更新到远端git服务器

    目的:将本地代码更新到远端服务器 1.点击eclipsewindows->preference->team->git->Configuration配置git的基础环境 2.点击 ...

  4. Educational Codeforces Round 78 (Rated for Div. 2) 题解

    Shuffle Hashing A and B Berry Jam Segment Tree Tests for problem D Cards Shuffle Hashing \[ Time Lim ...

  5. oracle用户管理, 授权与回收权限

    一. 用户管理参数, 0.删除用户: drop user 用户名 [cascade] 当我们删除用户时, 如改用户已创建过数据对象, 那么删除用户时必须加cascade参数, 用来同步删除 改用户的所 ...

  6. x3

    #include<stdio.h> int main() { char ch; printf("输入一个字符:\n"); scanf("%c",&a ...

  7. T-SQL(SQLSERVER)

    使用自定义类型名 CREATE DATABASE Student GO USE Student GO Exec sp_addtype char20,'varchar(20)','null' GO 在库 ...

  8. Dockerfile命令整理

    通过Dockerfile只做Docker镜像时,需要用到Dockerfile的命令,收集整理如下,以便后续翻阅参考. FROM 功能为指定基础镜像,并且必须是第一条指令. 如果不以任何镜像为基础,那么 ...

  9. 解决 “version `GLIBCXX_3.4.21' not found ”问题

    https://blog.csdn.net/Heldrecom/article/details/85040411

  10. 区分 JVM 内存结构、 Java 内存模型 以及 Java 对象模型 三个概念

    本文由 简悦 SimpRead 转码, 原文地址 https://www.toutiao.com/i6732361325244056072/ 作者:Hollis 来源:公众号Hollis Java 作 ...