首页 > 系统相关 >极速搭建Nginx文件服务器攻略

极速搭建Nginx文件服务器攻略

时间:2023-12-24 16:33:41浏览次数:40  
标签:samba 攻略 nginx etc Nginx html conf home 极速

目录


本地系统安装搭建

Nginx 安装包一般都存在于系统镜像中,直接挂本地源安装即可;
# Nginx 的默认根目录为
/usr/share/nginx/html
# 默认主配置文件为
/etc/nginx/nginx.conf

配置文件有效示例如下

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
# nginx 进程数
worker_processes 16;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 16;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   600;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    # 显示目录
    autoindex on;
    # 显示文件大小; # 关闭计算文件确切大小(单位bytes),只显示大概大小(单位kb、mb、gb)
    autoindex_exact_size off;
    # 显示文件时间
    autoindex_localtime on;
    # 避免中文乱码;
    charset utf-8;

    server {
        listen 80;
        server_name localhost;
        # 本地文件路径;
        root  /var/www/html;
        error_page 404 /404.html;
            location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

}

注意

报 403 forbien  时 , 可能是 nginx 后台进程不是 nginx  , 或者 是文件的权限不足, 至少655 

配置 nginx 本地认证

# 添加如下两行配置
auth_basic "admin";
auth_basic_user_file /etc/nginx/.passwd.db
# 可以是针对全局的 ---------放在 server 空间外 
# 也可以是针对某一个区域的----------- 放在 location  空间内 

# 创建秘钥文件  
htpasswd -c <秘钥文件名>  <用户名>

参考文档

Nginx 详解

Nginx设置基本认证

问题百宝箱

在 selinux 开启时, 访问显示 403 Forbiden

# 原因
	因为上下文的配置,导致不具备访问该目录文件的权限;
# 解决方法
	# 方法 001 ---- 直接设置  
	chcon -R -t  httpd_sys_content_t  /data/html
	# 方法 002 ---- 参考设置 
	chcon -R --reference=/var/www/html  /data/html
	# 方法 003 ---- 永久性设置 -- 更新配置文件的方式 
	semanage fcontext -a  -t httpd_sys_content_t  "/data(/.*)?"  # 添加
	semanage fcontext -d  -t httpd_sys_content_t  "/data(/.*)?"  # 删除 
		-- 注意: 该方法需重启机器或执行如下命令 reload  
		restorecon -FRv /data/
--------------
Security-Enhanced Linux (SELinux) Notes:
Turn the samba_domain_controller Boolean on to allow a Samba PDC to use the
useradd and groupadd family of binaries. Run the following command as the
root user to turn this Boolean on:
setsebool -P samba_domain_controller on
Turn the samba_enable_home_dirs Boolean on if you want to share home
directories via Samba. Run the following command as the root user to turn this
Boolean on:
setsebool -P samba_enable_home_dirs on
If you create a new directory, such as a new top-level directory, label it
with samba_share_t so that SELinux allows Samba to read and write to it. Do
not label system directories, such as /etc/ and /home/, with samba_share_t, as
such directories should already have an SELinux label.
Run the "ls -ldZ /path/to/directory" command to view the current SELinux
label for a given directory.

Set SELinux labels only on files and directories you have created. Use the
chcon command to temporarily change a label:
chcon -t samba_share_t /path/to/directory
Changes made via chcon are lost when the file system is relabeled or commands
such as restorecon are run.
Use the samba_export_all_ro or samba_export_all_rw Boolean to share system
directories. To share such directories and only allow read-only permissions:
setsebool -P samba_export_all_ro on
To share such directories and allow read and write permissions:
setsebool -P samba_export_all_rw on
To run scripts (preexec/root prexec/print command/...), copy them to the
/var/lib/samba/scripts/ directory so that SELinux will allow smbd to run them.
Note that if you move the scripts to /var/lib/samba/scripts/, they retain
their existing SELinux labels, which may be labels that SELinux does not allow
smbd to run. Copying the scripts will result in the correct SELinux labels.
Run the "restorecon -R -v /var/lib/samba/scripts" command as the root user to
apply the correct SELinux labels to these files.

利用 Docker 容器搭建 Nginx 文件服务器

# 1. 下拉 nginx 官方镜像 -- debian 12
docker pull nginx
# 2. 创建 容器; 命令如下: 
#!/bin/bash

echo "创建nginx容器"

docker run \
-p 80:80 \
--name nginx_debian_12 \
-v /shiwei/dock-home/nginx.conf:/etc/nginx/nginx.conf \
-v /shiwei/dock-home/log:/var/log/nginx \
-v /shiwei/dock-home/html:/usr/share/nginx/html \
-v /shiwei/dock-home/sources.list:/etc/apt/sources.list \
-d nginx
 
#-v /shiwei/dock-home/conf/nginx.conf:/etc/nginx/nginx.conf \
#-v /shiwei/dock-home/conf/conf.d:/etc/nginx/conf.d \

debian 12 的 apt 仓库配置如下

deb https://mirrors.aliyun.com/debian/ bookworm main non-free non-free-firmware contrib
deb-src https://mirrors.aliyun.com/debian/ bookworm main non-free non-free-firmware contrib
deb https://mirrors.aliyun.com/debian-security/ bookworm-security main
deb-src https://mirrors.aliyun.com/debian-security/ bookworm-security main
deb https://mirrors.aliyun.com/debian/ bookworm-updates main non-free non-free-firmware contrib
deb-src https://mirrors.aliyun.com/debian/ bookworm-updates main non-free non-free-firmware contrib
deb https://mirrors.aliyun.com/debian/ bookworm-backports main non-free non-free-firmware contrib
deb-src https://mirrors.aliyun.com/debian/ bookworm-backports main non-free non-free-firmware contrib

在容器内执行如下命令

apt install iputils-ping  # 可选
apt install iproute2      # 可选
apt install iptables     # 可选
apt install ufw           # 可选
systemctl start nginx
/etc/init.d/nginx status

其他

# 在宿主机内获取 docker 容器的 ip 
docker inspect nginx_debian_12 | jq .[0].NetworkSettings.IPAddress | xargs

# 将容器中的nginx.conf文件以及conf.d文件夹复制到刚创建的目录中
# 生成容器
docker run --name nginx -p 9001:80 -d nginx
# 将容器nginx.conf文件复制到宿主机
docker cp nginx:/etc/nginx/nginx.conf /home/nginx/conf/nginx.conf
# 将容器conf.d文件夹下内容复制到宿主机
docker cp nginx:/etc/nginx/conf.d /home/nginx/conf/conf.d
# 将容器中的html文件夹复制到宿主机
docker cp nginx:/usr/share/nginx/html /home/nginx/


标签:samba,攻略,nginx,etc,Nginx,html,conf,home,极速
From: https://www.cnblogs.com/shiwei1930/p/17924517.html

相关文章

  • nginx:413 Request Entity Too Large
    修改配置文件nginx.conf,根据自己的实际情况修改大小http{client_max_body_size10m;}配置完成后重启nginx参考文章解决413RequestEntityTooLarge(请求实体太大)......
  • centos7安装nginx
    首先安装nginx所需要的第三方库和编译工具# yuminstall-ygccgcc-c++autoconfautomakemake# yuminstallzlibzlib-developensslopenssl-develpcrepcre-develwgethttpd-toolsvim-ynginx官网:https://nginx.org/进入download页面下载稳定版本Stableversion:下......
  • 使用Docker和Nginx部署单页面应用
    使用Docker和Nginx部署单页面应用一、简介1.背景Docker是一个容器引擎,它使用Linux内核功能(如命名空间和控制组)在操作系统之上创建容器DockerCompose是一个命令行工具,可以简化容器镜像的构建以及容器的运行,将命令行的选项翻译成配置文件Nginx是一个高性能的HTTP和反向代理......
  • 通过 Nginx 来实现封杀恶意访问
    安装geoip2扩展依赖[root@fxkj~]#yuminstalllibmaxminddb-devel-y下载ngx_http_geoip2_module模块[root@fxkjtmp]#gitclonehttps://github.com/leev/ngx_http_geoip2_module.git[rotmp]#解压模块到指定路径我这里解压到/usr/local目录下[root@fxkjtmp]#mvngx_h......
  • nginx基础
    一、什么是nginx?​ Nginx(发音为“engine-x”)是一个高性能的开源Web服务器和反向代理服务器,也可以作为负载均衡器、HTTP缓存以及安全防护等。它最初由俄罗斯的程序设计师IgorSysoev在2004年创建。​ 相比传统的Apache服务器,Nginx采用了更加轻量级的架构,具有更低的内存占用......
  • 你和工博会观展达人也许只差一篇攻略
    展会的传统玩法如果说看展会也有级别,那么以下玩法应该算青铜级别:领礼品、拿资料、装袋,这一般称为山姆会员玩法,适合于老头老太;看机器人跳舞,感受科技的进步,这是科普教育玩法,适合于小学生;去看各个展台的小姐姐,这是车展式玩法,适合于外行人。对于工博会如此高大上的展会,仅仅用上......
  • nginx map 指令
    map指令是一项强大的功能,由ngx_http_map_module模块提供,默认情况下,nginx有加载这个模块,除非人为地排除(--without-http_map_module)。什么是map指令?map指令允许我们在Nginx配置文件中创建一个变量映射,以便根据输入变量的值映射到相应的输出变量值。这个特性可以用于根据特定......
  • Linux安装pinpoint监控,保姆级安装攻略,没有之一
    Linux安装pinpoint监控,保姆级安装攻略,没有之一pinpoint介绍Pinpoint是一个开源的APM(ApplicationPerformanceManagement/应用性能管理)工具,用于基于java的大规模分布式系统,基于GoogleDapper论文。架构组成Pinpoint主要由四部分组成:Pinpoint-Collector:数据收集模块,接收Agent发......
  • linux环境下nginx配置http2
    由于项目需求,在nginx下支持http2协议,希望提升访问性能。除了介绍配置过程,在文章最后会记上过程中的困惑。准备工作nginx-1.19.2.tar.gzopenssl-1.0.2r.tar.gz(必须不低于1.0.2,否则不支持http2)以上文件上传到/usr/local目录下。开始安装安装nginx#解压openssl>tar-zxv......
  • Nginx服务器常用参数设置
    Nginx作为一个高性能的Web服务器和反向代理,它的性能可以通过调整底层操作系统的参数来进一步优化。以下是一些常见的操作系统级别的调整,通常针对Linux系统:FileDescriptorsLimit:增加文件描述符的数量可以允许Nginx打开更多的连接。ulimit-n2048#临时设置,只影响当前会话......