Nginx Https配置
2019-06-13 本文已影响0人
打不死的小强8号
nginx安装参考
https://www.jianshu.com/p/b828bcd6e614
在阿里云申请免费一年的CA证书
1.登录阿里云
2.搜索SSL证书(或着在产品-->安全-->SSL证书)
image.png
3. 点击购买
image.png
4.立即购买
image.png
5.填写认证信息,等待审核通过 后下载证书上传到服务器(我的目录是 /home/ca)
nginx配置文件
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name btmcheck.com;
return 301 https://$server_name$request_uri;
}
# HTTPS server
server {
listen 443 ssl;
server_name btmcheck.com;
ssl_certificate /home/ca/2197624_btmcheck.com.key;
ssl_certificate_key /home/ca/2197624_btmcheck.com.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# admin
location /admin {
proxy_pass http://localhost:8089/;
proxy_redirect off;
default_type application/json;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
client_max_body_size 25m;
}
# web
location /web/ {
proxy_pass http://localhost:8088/;
proxy_redirect off;
default_type application/json;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
client_max_body_size 25m;
}
# 图片配置
location /file-server {
add_header 'Access-Control-Allow-Origin' '*';
alias /home/project/xxx/pic/;
}
}
}
重启nginx (我的在/usr/local/nginx/sbin目录下)
cd /usr/local/nginx/sbin
./nginx -s reload
报错[emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf:69解决
1.安装OpenSSL
yum -y install openssl openssl-devel
2.在nginx安装目录下执行
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
3.运行命令
make
4.然后备份原有已安装好的nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
5.关闭nginx
./nginx -s stop
6.将刚刚编译好的nginx覆盖掉原有的nginx(这个时候nginx要停止状态)
cp ./objs/nginx /usr/local/nginx/sbin/
7.通过命令查看是否已经加入成功
/usr/local/nginx/sbin/nginx -V
