基于IP地址的访问控制功能<ngx_http_access_module>;
===================================================
Syntax: allow address | CIDR | unix: | all; Default: — Context: http, server, location, limit_except
Syntax: deny address | CIDR | unix: | all; Default: — Context: http, server, location, limit_except
location / {
deny 192.168.1.1;
allow 192.168.1.0/24;
allow 10.1.1.0/16;
allow 2001:0db8::/32;
deny all;
}
基于用户名密码的访问控制<ngx_http_auth_basic_module>;
=====================================================
Syntax: auth_basic string | off; Default: auth_basic off; Context: http, server, location, limit_except
Syntax: auth_basic_user_file file; Default: — Context: http, server, location, limit_except
location / {
auth_basic "closed site";
auth_basic_user_file /etc/nginx/.ngxpasswd;
}
认证的账号密码需使用’htpasswd’命令创建;
此命令由软件包”httpd-tools”提供;
nginx的内置状态页<ngx_http_stub_status_module>;
=======================================================
用于输出nginx的基本状态信息;
nginx的内置状态页信息如果开启,最好用上面2种访问控制进行权限设置!!
Syntax: stub_status; Default: — Context: server, location
举例:
location /basic_status {
stub_status;
返回结果:
Active connections: 291
server accepts handled requests
16630948 16630948 31070465
Reading: 6 Writing: 179 Waiting: 106
上面返回的信息中字段说明:
Active connections:活动状态的连接数;
accepts:已经接受的客户端请求总数;
handled:已经处理完成的客户端请求总数;
requests:客户端发来的总请求数;
Reading:处于读取客户端请求报文首部过程中的连接数;
Writing:处于向客户端发送响应报文过程中的连接数;
Waiting:处于等待客户端发出请求的空闲连接数;
取出"Active connections"数值:
~]# curl --silent http://192.168.206.99/basic_status | awk '/^Active/{print $3}'
取出"handled"数值:
~]# curl --silent http://192.168.206.99/basic_status | grep "\<[^a-z]\+[0-9]\+" | cut -d' ' -f2