nginx 支持https访问
2024-10-11 21:47:11
1,先确认nginx安装时已编译http_ssl模块。
就是执行nginx -V命令查看是否存在--with-http_ssl_module。如果没有,则需要重新编译nginx将该模块加入。yum安装的一般都编译进去了。源码编译二进制包安装的可能需要重新编译,然后make,但是不需要make install。
2,查看是否已经安装SSL。openssl version -a
3,生成SSL证书
#在nginx目录下创建ssl文件夹
cd /etc/pki
mkdir nginx
cd nginx
#生成2048位的加密私钥
openssl genrsa -out server.key 2048
生成证书签名请求(CSR),这里需要填写许多信息
openssl req -new -key server.key -out server.csr
输出内容为:
Enter pass phrase for root.key: ← 输入前面创建的密码
Country Name (2 letter code) [AU]:CN ← 国家代号,中国输入CN
State or Province Name (full name) [Some-State]:BeiJing ← 省的全名,拼音
Locality Name (eg, city) []:BeiJing ← 市的全名,拼音
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany Corp. ← 公司英文名
Organizational Unit Name (eg, section) []: ← 可以不输入
Common Name (eg, YOUR name) []: ← 服务器主机名,若填写不正确,浏览器会报告证书无效,但并
Email Address []:admin@mycompany.com ← 电子邮箱,可随意填
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []: ← 可以不输入
An optional company name []: ← 可以不输入生成类型为X509的自签名证书。 #有效期设置3650天,即有效期为10年
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
4、修改Nginx配置文件
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid; # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf; events {
worker_connections 1024;
} http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096; include /etc/nginx/mime.types;
default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf; server {
listen 80;
listen [::]:80;
server_name _;
#原目录名是html,是文件数据目录,修改为http,可以和https的数据目录做区分,也可以设置成一样的。
root /usr/share/nginx/http; # Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf; error_page 404 /404.html;
location = /404.html {
} error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
} # Settings for a TLS enabled server.
#
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name _;
root /usr/share/nginx/https; ssl_certificate "/etc/pki/nginx/server.crt";
ssl_certificate_key "/etc/pki/nginx/server.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on; # Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf; error_page 404 /404.html;
location = /40x.html {
} error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
} }
详细可参考以下博客:
https://www.cnblogs.com/bcodepod/p/15325522.html
https://cloud.tencent.com/developer/article/1151073
最新文章
- Reason: image not found
- Windows7 64位系统搭建Cocos2d-x-2.2.1最新版以及Android交叉编译环境(详细教程)
- 那些可能被你忽略的MySQL优化技巧
- HR外包系统 - 工资计算-几种常见账单计算规则
- IOS 取消表格单元格 TableViewCell 去掉高亮状态 点击Cell取消选择状态
- nagios–配置文件
- SQL Server 性能优化之——重复索引
- Python中NumPy基础使用
- 利用IIS和Nginx实现负载均衡
- Java 数据类型在实际开发中应用二枚举
- [转] Redux入门教程(快速上手)
- 面试中遇到的原生js题总结
- Java 新建excle文件并填充模版内容
- mysql计算两个日期相差的天数
- Arduino通过I2C(PCF8574T)驱动1602LCD
- 详解JavaScript的splice()方法
- 高并发数据采集的架构应用(Redis的应用)
- 检测Python程序的执行效率
- How do I list subversion repository's ignore settings
- 在react-native中使用redux