Nginx配置ssl實現https的全過程記錄
一、安裝 Nginx ssl 模塊
1.檢查
檢查是否已安裝 ssl 模塊:
cd /usr/local/nginx/sbin ./nginx -V
[root@server-c00ef8c3-710d-4708-9cde-2c864e7c03e2 sbin]# ./nginx -V nginx version: nginx/1.21.4 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) configure arguments: --prefix=/usr/local/nginx
如果沒出現 configure arguments: –with-http_ssl_module 說明沒有安裝。
2.安裝
cd /usr/local/nginx-1.21.4 ./configure --prefix=/usr/local/nginx --with-http_ssl_module make cp ./objs/nginx /usr/local/nginx/sbin/
3.再次檢查
再次檢查是否已安裝 ssl 模塊:
cd /usr/local/nginx/sbin ./nginx -V
[root@server-c00ef8c3-710d-4708-9cde-2c864e7c03e2 sbin]# ./nginx -V nginx version: nginx/1.21.4 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module
二、部署 ssl 證書
將申請好的 ssl 證書拷貝至 cert 目錄下:
三、配置 nginx.conf
cd /usr/local/nginx/conf vi nginx.conf
新增 https server 配置:
#管理端https server { listen 443 ssl; server_name admin-xxxxx.xxx.xxx; ssl_certificate ../cert/server.crt; ssl_certificate_key ../cert/server.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; proxy_pass http://localhost:10003; } }
四、重啟 Nginx
/usr/local/nginx/sbin/nginx -s reload
或
ps -ef|grep nginx kill xxx /usr/local/nginx/sbin/nginx
補充:如果 80 端口被占用,用kill [id]來結束進程:
# 查看端口使用 $ netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0: LISTEN 21307/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0: LISTEN 3072/sshd
tcp 0 0 0.0.0.0:443 0.0.0.0😗 LISTEN 21307/nginx: master
# 結束 80 端口進程
$ kill 21307
再次重啟 nginx :
$ /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
總結
到此這篇關於Nginx配置ssl實現https的文章就介紹到這瞭,更多相關Nginx配置ssl實現https內容請搜索WalkonNet以前的文章或繼續瀏覽下面的相關文章希望大傢以後多多支持WalkonNet!