Nginx配置ssl实现https的全过程记录
目录
-
一、安装Nginxssl模块
-
1.检查2.安装3.再次检查
二、部署ssl证书三、配置nginx.conf四、重启Nginx总结
一、安装 Nginx ssl 模块
1.检查
检查是否已安装 ssl 模块:
cd /usr/local/nginx/sbin
./nginx -V
[root@server-c00ef8c3-710d-4708-9cde-2c864e7c03e2 sbin]# ./nginx -V
nginx version: nginx/1.21.4
built by gcc 4.8.5 20220623 (Red Hat 4.8.5-44) (GCC)
configure arguments: –prefix=/usr/local/nginx
如果没出现 configure arguments: –with-http_ssl_module 说明没有安装。
2.安装
cd /usr/local/nginx-1.21.4
./configure –prefix=/usr/local/nginx –with-http_ssl_module
make
cp ./objs/nginx /usr/local/nginx/sbin/
3.再次检查
再次检查是否已安装 ssl 模块:
cd /usr/local/nginx/sbin
./nginx -V
[root@server-c00ef8c3-710d-4708-9cde-2c864e7c03e2 sbin]# ./nginx -V
nginx version: nginx/1.21.4
built by gcc 4.8.5 20220623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2022
TLS SNI support enabled
configure arguments: –prefix=/usr/local/nginx –with-http_ssl_module
二、部署 ssl 证书
将申请好的 ssl 证书拷贝至 cert 目录下:
三、配置 nginx.conf
cd /usr/local/nginx/conf
vi nginx.conf
新增 https server 配置:
#管理端https
server {
listen 443 ssl;
server_name admin-xxxxx.xxx.xxx;
ssl_certificate ../cert/server.crt;
ssl_certificate_key ../cert/server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://localhost:10003;
}
}
四、重启 Nginx
/usr/local/nginx/sbin/nginx -s reload
或
ps -ef|grep nginx
kill xxx
/usr/local/nginx/sbin/nginx
补充:如果 80 端口被占用,用kill [id]来结束进程:
# 查看端口使用
$ netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0: LISTEN 21307/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0: LISTEN 3072/sshd
tcp 0 0 0.0.0.0:443 0.0.0.0
原创文章,作者:starterknow,如若转载,请注明出处:https://www.starterknow.com/105733.html