CentOS6_Nginx name-based virtual hosts + reverse proxy + two Tomcats
Note: this builds on [url=http://blog.zhuohua.store/viewthread.php?tid=57&page=1&extra=#pid58]CentOS6_Installing two Tomcats[/url].
The first Tomcat uses TCP port 8080:
[root@localhost ~]# vi /usr/local/tomcat/conf/server.xml
-->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" URIEncoding="utf-8" />
The second Tomcat uses TCP port 8082:
[root@localhost ~]# vi /usr/local/tomcat2/conf/server.xml
-->
<Connector port="8082" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" URIEncoding="utf-8" />
Create a test page in the root directory of the first Tomcat's default site:
[root@localhost ~]# vi /usr/local/tomcat/webapps/ROOT/1.jsp
Contents:
<%@ page import="java.util.*"%>
<%@ page import="java.sql.*"%>
<%@ page contentType="text/html; charset=UTF-8" %>
<html>
<head>
<title>第一个Tomcat</title>
</head>
<body>
<center>使用TCP 8080端口</center>
</body>
</html>
Create a test page in the root directory of the second Tomcat's default site:
[root@localhost ~]# vi /usr/local/tomcat2/webapps/ROOT/2.jsp
Contents:
<%@ page import="java.util.*"%>
<%@ page import="java.sql.*"%>
<%@ page contentType="text/html; charset=UTF-8" %>
<html>
<head>
<title>第二个Tomcat</title>
</head>
<body>
<center>使用TCP 8082端口</center>
</body>
</html>
The firewall opens TCP ports 8080, 8082 and 80:
iptables -nL
Remote test from a Windows client:
http://192.168.168.135:8080/1.jsp
http://192.168.168.135:8082/2.jsp
############
############
Nginx reverse proxy: the client first connects to Nginx, and Nginx, acting as the reverse proxy, forwards the request to Tomcat.
For installing Nginx and the Nginx edition of Website Safedog, see: [url=http://blog.zhuohua.store/viewthread.php?tid=302&extra=page%3D1]Oracle Linux6: installing Server Safedog and the Nginx edition of Website Safedog[/url]
Note: on Linux, Website Safedog has an Nginx edition but no Tomcat edition.
Check the Nginx version:
[root@localhost ~]# nginx -v
safedog-nginx-waf version/2.4
developed by www.safedog.cn
nginx version: nginx/1.10.2
Nginx uses TCP port 80:
[root@localhost ~]# netstat -anp |grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14096/nginx
unix 3 [ ] STREAM CONNECTED 89381 14096/nginx
unix 3 [ ] STREAM CONNECTED 89380 14096/nginx
Configure name-based virtual hosts in Nginx:
First locate the main Nginx configuration file:
[root@localhost ~]# find / -name "nginx.conf"
/usr/local/nginx/conf/nginx.conf
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
Insert the following line just above the final closing brace [color=DarkRed]}[/color] of the file:
include vhost/*.conf;
Note: Nginx will load the configuration files ending in .conf under /usr/local/nginx/conf/vhost/ (that is, the virtual host configuration files).
Create the directory that holds the virtual host configuration files:
[root@localhost ~]# mkdir -p /usr/local/nginx/conf/vhost
Create the configuration file for the first virtual host ([color=Blue]bbs.zhuohua.store[/color]):
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/bbs.zhuohua.store.conf
Contents:
server
{
    listen 80;
    server_name bbs.zhuohua.store;
    index index.html index.htm;
    root /wwwroot/bbs.zhuohua.store;
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
    access_log off;
}
[color=DarkOrchid]Note: requests for the local site bbs.zhuohua.store are reverse-proxied to TCP port 8080 on this host.[/color]
######
Create the configuration file for the second virtual host ([color=Blue]word.zhuohua.store[/color]):
[root@localhost ~]# vi /usr/local/nginx/conf/vhost/word.zhuohua.store.conf
Contents:
server
{
    listen 80;
    server_name word.zhuohua.store;
    index index.html index.htm;
    root /wwwroot/word.zhuohua.store;
    location / {
        proxy_pass http://127.0.0.1:8082;
    }
    access_log off;
}
[color=DarkOrchid]Note: requests for the local site word.zhuohua.store are reverse-proxied to TCP port 8082 on this host.[/color]
Restart the Nginx service:
[root@localhost ~]# service nginx restart
The firewall now only needs TCP port 80 open; TCP ports 8080 and 8082 no longer need to be open:
sed -i '/8080/d' /etc/sysconfig/iptables
sed -i '/8082/d' /etc/sysconfig/iptables
service iptables restart
Check the rules of the firewall's filter table again:
iptables -nL
######
Remote access from a Windows client:
When no DNS server resolves the domain names, they can be bound in the hosts file:
C:\WINDOWS\system32\drivers\etc\hosts
Remember to set the permissions on the hosts file.
Result of remote access from the Windows client:
http://bbs.zhuohua.store/
http://bbs.zhuohua.store/1.jsp
http://word.zhuohua.store/
http://word.zhuohua.store/2.jsp
############
############
Test the vulnerability protection of the Nginx edition of Website Safedog (it must be set to [color=Blue]log and block[/color]):
Relevant configuration file:
[root@localhost ~]# cd /etc/safedog/nginx/conf/
[root@localhost conf]# cat WPCDefSql.conf
[SqlAttack]
ChkFullUrl=1
ChkSqlAttackStatus=1
ChkUrlLenStatus=1
Count=0
MaxUrlLen=2048
NeedSendInterceptPage=1 #log and block; the default is 0, log without blocking
NeedSendInterceptPageSQLAttack=0
SendAlert=1
UpdateUrl=http://www.safedog.cn/upload/configFile/sqlRule.dat
WhitePathCount=0
Note: the setting can be changed directly in the configuration file and takes effect automatically.
Remote test from a Windows client:
http://192.168.168.135/?order%20by
http://bbs.zhuohua.store/?order%20by
http://word.zhuohua.store/?order%20by
Conclusion:
[size=4]Once Nginx acts as the reverse proxy, the Nginx edition of Website Safedog can protect this host.[/size]
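The Safedog module only sees requests that pass through Nginx, so the protection shown above holds only while ports 8080 and 8082 stay unreachable from outside. The following shell check is an added example, not part of the original post: it reads iptables rules and `netstat -lnt` output and reports any backend port that is still exposed. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
BACKEND_PORTS="8080 8082"   # the two Connector ports used on this page

# stdin: /etc/sysconfig/iptables-style rules.
# Prints each backend port that an INPUT rule still ACCEPTs.
fw_open_backends() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^-A INPUT/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && ($(i + 1) in want)) print $(i + 1)
        }' | sort -u
}

# stdin: `netstat -lnt` output.
# Prints each backend port listening on a non-loopback address.
exposed_listeners() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        $6 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)        # port: text after the last colon
            sub(/:[0-9]+$/, "", addr)   # addr: text before it
            if ((port in want) && addr !~ /(^|:)127\./ && addr != "::1")
                print port
        }' | sort -u
}

# Constructed sample input (not taken from the page's screenshots).
sample_rules() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8082 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
sample_netstat() { cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:8080   0.0.0.0:*        LISTEN
tcp        0      0 :::8082          :::*             LISTEN
EOF
}

echo "firewall still accepts: $(sample_rules | fw_open_backends | tr '\n' ' ')"
echo "non-loopback listeners: $(sample_netstat | exposed_listeners | tr '\n' ' ')"
```

On the server, feed the functions live data with `fw_open_backends < /etc/sysconfig/iptables` and `netstat -lnt | exposed_listeners`; any port printed is a path to Tomcat that Safedog never inspects. Setting address="127.0.0.1" on that Connector in server.xml closes the path independently of the firewall.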
Related articles:
[url=http://blog.zhuohua.store/viewthread.php?tid=292&extra=page%3D1]Nginx name-based virtual hosts / domain redirection / access control / hotlink protection / SSL[/url]
[url=http://blog.zhuohua.store/viewthread.php?tid=297&page=1&extra=#pid300]CentOS6_Nginx reverse proxy + Nginx edition of Website Safedog + Tomcat + JDK + SSL[/url]