Nginx配置ssl實現https的全過程記錄

Posted on by

一、安裝 Nginx ssl 模塊

1.檢查

檢查是否已安裝 ssl 模塊:

cd /usr/local/nginx/sbin
./nginx -V

[root@server-c00ef8c3-710d-4708-9cde-2c864e7c03e2 sbin]# ./nginx -V
nginx version: nginx/1.21.4
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) 
configure arguments: --prefix=/usr/local/nginx

如果沒出現 configure arguments: –with-http_ssl_module 說明沒有安裝。

2.安裝

cd /usr/local/nginx-1.21.4
./configure --prefix=/usr/local/nginx --with-http_ssl_module
make
cp ./objs/nginx /usr/local/nginx/sbin/

3.再次檢查

再次檢查是否已安裝 ssl 模塊:

cd /usr/local/nginx/sbin
./nginx -V

[root@server-c00ef8c3-710d-4708-9cde-2c864e7c03e2 sbin]# ./nginx -V
nginx version: nginx/1.21.4
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module

二、部署 ssl 證書

將申請好的 ssl 證書拷貝至 cert 目錄下:

三、配置 nginx.conf

cd /usr/local/nginx/conf
vi nginx.conf

新增 https server 配置:

#管理端https
server {
     listen 443 ssl;
     server_name admin-xxxxx.xxx.xxx;
     ssl_certificate ../cert/server.crt;
     ssl_certificate_key ../cert/server.key;
     ssl_session_timeout 5m;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
     ssl_prefer_server_ciphers on;

     location / {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $http_host;
         proxy_pass http://localhost:10003;
     }
}

四、重啟 Nginx

/usr/local/nginx/sbin/nginx -s reload


ps -ef|grep nginx
kill xxx
/usr/local/nginx/sbin/nginx

補充:如果 80 端口被占用,用kill [id]來結束進程:

# 查看端口使用
$ netstat -lntp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:80 0.0.0.0: LISTEN 21307/nginx: master

tcp 0 0 0.0.0.0:22 0.0.0.0: LISTEN 3072/sshd

tcp 0 0 0.0.0.0:443 0.0.0.0😗 LISTEN 21307/nginx: master

# 結束 80 端口進程

$ kill 21307

再次重啟 nginx :

$ /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

總結

到此這篇關於Nginx配置ssl實現https的文章就介紹到這瞭,更多相關Nginx配置ssl實現https內容請搜索WalkonNet以前的文章或繼續瀏覽下面的相關文章希望大傢以後多多支持WalkonNet!

推薦閱讀: