以下所有的实操都是在redhat7.3上
重定向
关于重定向的概念:
重定向的简介
[root@server1 certs]# systemctl stop nginx
[root@server1 ~]# cd nginx-1.17.0/
[root@server1 nginx-1.17.0]# /usr/local/nginx/sbin/nginx -V
[root@server1 nginx-1.17.0]# ./configure --help | grep ssl
[root@server1 nginx-1.17.0]# ./configure --prefix=/usr/local/nginx --with-file-aio --with-http_realip_module --with-http_ssl_module #添加模块
[root@server1 nginx-1.17.0]# make && make install
[root@server1 nginx-1.17.0]# cd /usr/local/nginx/conf/
[root@server1 conf]# vim nginx.conf
#当访问域名 www.westos.org时,实际上访问的是 /web/index.html文件
128 server {
129 listen 80; # 监听80端口
130 server_name www.westos.org; # 定义域名
131
132 location / {
133 root /web;
134 index index.html;
135 }
136 }
[root@server1 conf]# mkdir /web
[root@server1 conf]# vim /web/index.html
[root@server1 conf]# cat /web/index.html
测试
[root@server1 conf]# vim /etc/hosts
172.25.78.11 base1 www.westos.org
[root@server1 conf]# curl www.westos.org # 测试成功
添加443端口,实现http到https的加密:
[root@server1 conf]# vim nginx.conf
113 server {
114 listen 443 ssl; # 监听端口为443
115 server_name www.westos.org;
116
117 ssl_certificate cert.pem; # 证书位置
118 ssl_certificate_key cert.pem; # 私钥位置
119
120 ssl_session_cache shared:SSL:1m;
121 ssl_session_timeout 5m;
122
123 ssl_ciphers HIGH:!aNULL:!MD5; # 密码加密方式
124 ssl_prefer_server_ciphers on;
125
126 location / {
127 root /web; # 根目录位置
128 index index.html index.htm;
129 }
130 }
[root@server1 conf]# /usr/local/nginx/sbin/nginx -t #启动失败;
[root@server1 conf]# cd /etc/pki/tls/certs/
[root@server1 certs]# ls
[root@server1 certs]# make cert.pem #制作证书;
[root@server1 certs]# ls
[root@server1 certs]# cat cert.pem
[root@server1 certs]# cp cert.pem /usr/local/nginx/conf/ # 证书在 /usr/local/nginx/conf/才会生效
[root@server1 certs]# /usr/local/nginx/sbin/nginx -t #再次检测语法;
[root@server1 certs]# systemctl start nginx
[root@server1 certs]# netstat -antlp # 查看443端口已开启
浏览器测试,生成证书:
[root@foundation70 ~]# vim /etc/hosts #客户端添加解析
172.25.70.1 server1 www.westos.org
删除证书:
1.选择preference
重定向,无论访问什么,都会重定向到 https://www.westos.org
在server1上
[root@server1 conf]# vim nginx.conf
131 server {
132 listen 80;
133 server_name www.westos.org;
134 rewrite ^/(.*)$ https://www.westos.org/$1 permanent; #permanent表示永久的
135 }
[root@server1 conf]# ../sbin/nginx -t #检测成功;
[root@server1 conf]# systemctl reload nginx.service客户端测试:
[root@foundation70 ~]# curl -I www.westos.org/idex.html
[root@foundation70 ~]# curl -I www.westos.org/web.html
当访问一个站点的时候跳转到另外一个站点
在server1上:
[root@server1 conf]# vim nginx.conf
139 server {
140 listen 80;
141 server_name ;
142
143 location / {
144 root /bbs;
145 index index.html;
146 }
147
148 }
[root@server1 conf]# ../sbin/nginx -s reload
[root@server1 conf]# mkdir /bbs
[root@server1 conf]# vim /bbs/index.html
[root@server1 conf]# cat /bbs/index.html
[root@foundation70 ~]# vim /etc/hosts
172.25.70.1 server1 www.westos.org 
[root@foundation70 ~]# curl #测试成功;
在server1上:访问ip
[root@server1 conf]# vim nginx.conf
132 server {
133 listen 80;
134 server_name www.westos.org;
135 # rewrite ^/(.*)$ https://www.westos.org/$1 permanent; #$1表示第一串字符
136 rewrite ^/bbs$ https:/// permanent;
137 rewrite ^/bbs/(.*)$ https:///$1 permanent;
#当有访问的域名有/bbs目录时,全部重定向到http://上
138 }
141 server {
142 listen 80;
143 server_name ;
144
145 location / {
146 root /bbs;
147 index index.html;
148 }
[root@server1 conf]# systemctl reload nginx.service客户端测试:
[root@foundation70 ~]# curl -I www.westos.org/bbs #隐藏位置
[root@foundation70 ~]# curl -I www.westos.org/bbs/index.html #index.html这时域名后的第一个字符
[root@server1 conf]# cp -r /bbs/ /web/
[root@server1 conf]# cd /web/
[root@server1 web]# ls
bbs index.html
[root@server1 web]# cat index.html
[root@server1 conf]# vim nginx.conf
132 server {
133 listen 80;
134 server_name www.westos.org ;
135 # rewrite ^/(.*)$ https://www.westos.org/$1 permanent;
136 # rewrite ^/bbs$ https:/// permanent;
137 # rewrite ^/bbs/(.*)$ https:///$1 permanent;
138
139
140 if ($host = ""){
141 rewrite ^/(.*)$ https://www.westos.org/$1 permanent;
142 }
143
144 location / { 当访问的域名为重定向到http://www.westos.org上
145 root /web;
146 index index.html;
147 }
148
149
150 }
在客户端测试:
[root@foundation70 ~]# vim /etc/hosts
[root@foundation70 ~]# cat /etc/hosts
[root@foundation70 ~]# curl -I
[root@foundation70 ~]# curl -I /index.html
#如果没有找到想要匹配的域名解析时,就会访问到默认用户,容易造成恶意解析
[root@foundation70 ~]# curl -I www.westos.org
盗链
在server2上:
[root@server2 conf]# vim nginx.conf
147 server {
148 listen 80;
149 server_name ;
150 charset utf-8; #文字识别
151 location /{
152 root /web;
153 index index.html;
154
155 }
156 }
[root@server2 conf]# mkdir /web
[root@server2 conf]# cd /web
[root@server2 web]# vim index.html
<html>
<body>
<br>daolian Picture </br>
<img src="http://www.westos.org/vim.jpg">
</body>
</html>
[root@server2 web]# /usr/local/nginx/sbin/nginx
[root@server2 web]# /usr/local/nginx/sbin/nginx -t
[root@server2 web]# /usr/local/nginx/sbin/nginx -s reload
在server1上:
[root@server1 conf]# cd /web/
[root@server1 web]# ls
bbs index.html vim.jpg(随意传一张即可)
[root@server1 conf]# vim nginx.conf
server {
listen 80;
server_name www.westos.org;
#rewrite ^/(.*)$ https://www.westos.org/$1 permanent;
#rewrite ^/bbs$ https:/// permanent;
#rewrite ^/bbs/(.*)$ https:///$1 permanent;
#if ($host = ""){
#rewrite ^/(.*)$ https://www.westos.org/$1 permanent;
#}
location / {
root /web;
index index.html;
}
location ~* \.(gif|jpg|png|jpeg)$ {
root /web;
valid_referers none blocked www.westos.org;
if ($invalid_referer) {
return 403;
}
}
[root@server1 conf]# ../sbin/nginx -s reload客户端测试:
[root@foundation70 ~]# vim /etc/hosts #域名解析
172.25.70.1 server1 www.westos.org
172.25.70.2 server2 浏览器测试:
防盗链
在server1上:
[root@server1 conf]# vim nginx.conf
132 server {
133 listen 80;
134 server_name www.westos.org;
135 # rewrite ^/(.*)$ https://www.westos.org/$1 permanent;
136 # rewrite ^/bbs$ https:/// permanent;
137 # rewrite ^/bbs/(.*)$ https:///$1 permanent;
138
139
140 # if ($host = ""){
141 # rewrite ^/(.*)$ https://www.westos.org/$1 permanent;
142 # }
143
144 location / {
145 root /web;
146 index index.html;
147 }
148 location ~* \.(gif|jpg|png|jpeg)$ {
149 root /web;
150 valid_referers none blocked www.westos.org; #原是站点访问是www.westos.org,时,不做禁止
151 if ($invalid_referer) {
#当不是我允许的域名访问我时,重定向到http://这个站点上;
152 rewrite ^/ http:///daolian.jpg;
153 }
154 }
155
156 }
这是我的bbs站点
158 server {
159 listen 80;
160 server_name ;
161
162 location / {
163 root /bbs;
164 index index.html;
165 }
166 }
[root@server1 conf]# ../sbin/nginx -s reload
[root@server1 conf]# cd /bbs/
[root@server1 bbs]# ls
daolian.jpg index.html
客户端测试:
[root@foundation70 ~]# vim /etc/hosts #域名解析
172.25.70.1 server1 www.westos.org
172.25.70.2 server2 浏览器测试:
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
