| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 |
- journalctl
- lvcreate
- nmcli
- yum
- docker
- 리다이렉션
- 랜카드인식불량
- 같은폴더
- swapon
- 프로세스
- docker image
- HTTPD
- MSBing
- pvcreate
- 날짜변경
- permission
- docker network
- ansible
- ssh
- M365필터
- vagrant kubernetes
- mount
- chatGPT
- vgcreate
- firewalld
- Kubernetes
- tar
- newbingai
- 엑셀파일명변경
- chmod
- Today
- Total
becool
20210622 (화) Nginx 본문
WEB서버 구성 방식 : Apache, IIS, Nginx
1. 패키지 설치 epel-release, nginx
2. 서비스 설정 /etc/nginx/nginx.conf
3. 서비스 활성화 nginx
4. 방화벽 설정 httpd
/usr/share/nginx/html/
/usr/share/nginx/html/index.html
/usr/share/doc/HTML/index.html
/usr/lib/firewalld/services/nfs3.xml /usr/lib/firewalld/services/nrpe.xml
/usr/lib/firewalld/services/nfs.xml /usr/lib/firewalld/services/ntp.xml
/usr/lib/firewalld/services/nmea-0183.xml /usr/lib/firewalld/services/nut.xml
[root@web ~]# yum install -y epel-release
[root@web ~]# yum install -y nginx
[root@web ~]# systemctl stop httpd → 같이 동작할 수 없다
[root@web ~]# systemctl start nginx
[root@web ~]# ls /usr/share/nginx/html/
404.html en-US img nginx-logo.png
50x.html icons index.html poweredby.png
[root@web certs]# ls /usr/lib/firewalld/services/n* (방화벽서비스 종류에도 nginx는 없음 http로 사용)
[root@web ~]# firewall-cmd --list-services
dhcpv6-client http mysql ssh
[root@web ~]# echo "test nginx" > /usr/share/nginx/html/index.html → 인덱스 파일
[root@dns ~]# curl 10.0.2.30 → ip주소 또는 서버주소
test nginx → 출력 확인
가상호스트 문법 비교
Apache
<virtualhost *:80 >
ServerName XXXX
DocumentRoot /PATH
</virtualhost>
<Directory PATH>
Require all granted
</Directory>
Nginx
server {
Listen 80;
server_name XXXX
location {
satisfy all; 또는 allow ip; , deny all;
root /PATH
}
}
apache : 80포트 설정파일/443포트 설정파일 각각 존재
nginx : 설정파일안에 리스닝 포트를 기재할 수 있음.
[root@web ~]# cd /etc/pki/tls/certs
[root@web certs]# openssl genrsa -out http.key 2048
Generating RSA private key, 2048 bit long modulus
...................................................................................................+++
....................................................................................................................................................................................+++
e is 65537 (0x10001)
[root@web certs]# openssl req -new -key http.key -out http.csr
[root@web certs]# openssl x509 -in http.csr -out http.crt -req -signkey http.key -days 365
Signature ok
subject=/C=kr/ST=seoul/L=seoul/O=Default Company Ltd/CN=school.exam.com/emailAddress=root@localhost.localhost
Getting Private key
[root@web certs]# ls http*
http.crt http.csr http.key
[root@web certs]# vim /etc/nginx/nginx.conf
server {
listen 80 ;
listen [::]:80;
server_name web.school.exam.com;
root /usr/share/nginx/html;
return 301 https://web.school.exam.com$request_uri ; → 리다이렉션 옵션
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name _;
root /usr/share/nginx/html;
#
ssl_certificate "/etc/pki/tls/certs/http.crt"; → 인증서, 개인키 주소 입력
ssl_certificate_key "/etc/pki/tls/certs/http.key";}
[root@web certs]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web certs]# firewall-cmd --add-service=https → https 방화벽 오픈
[root@web certs]# systemctl restart nginx
[root@web certs]# netstat -natlp |grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11091/nginx: master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 11091/nginx: master
tcp6 0 0 :::80 :::* LISTEN 11091/nginx: master
리버스 프록시
client --> nginx --> apache
--> apache
개념 : 전달자 역할의 시스템 구성
1) 속도향상
2) 부하분산
'linux' 카테고리의 다른 글
| 20210624 (목) FTP, DHCP, PXE server, kickstart (0) | 2021.06.24 |
|---|---|
| 20210624 (목) DHCP (0) | 2021.06.24 |
| 20210622 (화) webservice (0) | 2021.06.22 |
| 20210616 (수) dns, web서비스 (0) | 2021.06.16 |
| 20210507(금) (0) | 2021.05.07 |
