nginx installation reference: https://www.cnblogs.com/taiyonghai/p/6728707.html
Self-signed certificate generation reference: https://gmd20.github.io/blog/openssl生成RSA和椭圆曲线加密公钥密钥创建根CA签名HTTPS服务器证书签名/
I. Nginx installation
Install openssl
[[email protected] src]# tar zxvf openssl-fips-2.0.10.tar.gz
(output omitted...)
[[email protected] src]# cd openssl-fips-2.0.10
[[email protected] openssl-fips-2.0.10]# ./config && make && make install
(output omitted...)
Install pcre
[[email protected] src]# tar zxvf pcre-8.40.tar.gz
(output omitted...)
[[email protected] src]# cd pcre-8.40
[[email protected] pcre-8.40]# ./configure && make && make install
(output omitted...)
Install zlib
[[email protected] src]# tar zxvf zlib-1.2.11.tar.gz
(output omitted...)
[[email protected] src]# cd zlib-1.2.11
[[email protected] zlib-1.2.11]# ./configure && make && make install
(output omitted...)
Install the SSL module
[[email protected] src]# yum install openssl-devel
(output omitted...)
Install nginx
[[email protected] src]# tar zxvf nginx-1.10.2.tar.gz
(output omitted...)
[[email protected] src]# cd nginx-1.10.2
[[email protected] nginx-1.10.2]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module && make && make install
(output omitted...)
II. Generating the certificate and private key
Note: copy the generated server certificate and private key into the /usr/local/nginx/conf/ directory. A self-signed certificate is fine for testing; self-signing with openssl is enough.
An ECC certificate is recommended.
[[email protected] conf]# ls -al
total 84
drwxr-xr-x. 3 root root 4096 Apr 5 15:29 .
drwxr-xr-x. 11 root root 151 Apr 5 13:34 ..
(omitted)
-rw-r--r--. 1 root root 615 Apr 5 15:29 server.crt
-rw-r--r--. 1 root root 302 Apr 5 15:29 server.key
(omitted)
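The certificate step above gives no commands, and the listing shows server.key as -rw-r--r--, readable by every local account. The following is an added example, not from the original post: it generates a P-256 key and a self-signed certificate with openssl, creates the key at mode 0600, and checks that certificate and key belong together. The function names, the prime256v1 curve, the 365-day lifetime and CN=localhost are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example (not from the original page): self-signed ECC test
# certificate with a private key that other local users cannot read.
# Usage: make_test_cert /usr/local/nginx/conf localhost

# make_test_cert DIR [CN] -- writes DIR/server.key and DIR/server.crt
make_test_cert() {
    dir=$1
    cn=${2:-localhost}    # assumption: matches server_name in nginx.conf
    (
        umask 077         # key is created as 0600, never world-readable
        openssl ecparam -genkey -name prime256v1 -noout \
            -out "$dir/server.key"
    ) || return 1
    openssl req -new -x509 -sha256 -days 365 \
        -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.crt" || return 1
    chmod 644 "$dir/server.crt"   # the certificate is public data
}

# cert_matches_key CRT KEY -- succeeds only if both hold the same public key
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# key_is_private KEY -- succeeds only if group and others have no access
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, as on CentOS
    case $mode in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}
```

The nginx master process starts as root and loads the key before the workers drop privileges, so a root-owned 0600 key is sufficient.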
III. Configuration file
1. Below is the configuration file /usr/local/nginx/conf/nginx.conf. Uncomment the server block in the HTTPS section and set the correct certificate and private key.
[[email protected] conf]# cat nginx.conf
    #user nobody;
    worker_processes 1;
    #error_log logs/error.log;
    #error_log logs/error.log notice;
    #error_log logs/error.log info;
    #pid logs/nginx.pid;
    events {
        worker_connections 1024;
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
        #                '$status $body_bytes_sent "$http_referer" '
        #                '"$http_user_agent" "$http_x_forwarded_for"';
        #access_log logs/access.log main;
        sendfile on;
        #tcp_nopush on;
        #keepalive_timeout 0;
        keepalive_timeout 65;
        #gzip on;
        server {
            listen 80;
            server_name localhost;
            #charset koi8-r;
            #access_log logs/host.access.log main;
            location / {
                root html;
                index index.html index.htm;
            }
            #error_page 404 /404.html;
            # redirect server error pages to the static page /50x.html
            #
            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
                root html;
            }
            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ \.php$ {
            #    proxy_pass http://127.0.0.1;
            #}
            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ \.php$ {
            #    root html;
            #    fastcgi_pass 127.0.0.1:9000;
            #    fastcgi_index index.php;
            #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
            #    include fastcgi_params;
            #}
            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /\.ht {
            #    deny all;
            #}
        }
        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        server {
            listen 8000;
            # listen somename:8080;
            # server_name somename alias another.alias;
            location / {
                root html;
                index index.html index.htm;
            }
        }
        # HTTPS server
        #
        server {
            listen 443 ssl;
            server_name localhost;
            # relative paths are resolved against the conf/ directory
            ssl_certificate server.crt;
            ssl_certificate_key server.key;
            ssl_session_cache shared:SSL:1m;
            ssl_session_timeout 5m;
            ssl_ciphers HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers on;
            location / {
                root html;
                index index.html index.htm;
            }
        }
    }
IV. Starting the nginx server
Start the nginx server and check its status
[[email protected] conf]# /usr/local/nginx/sbin/nginx
[[email protected] conf]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Stop the nginx server
[[email protected] conf]# ps -aux | grep nginx
root 11821 0.0 0.0 46936 1168 ? Ss 15:29 0:00 nginx: master process ./nginx
nobody 11822 0.0 0.0 49552 3552 ? S 15:29 0:00 nginx: worker process
root 12229 0.0 0.0 112712 972 pts/0 S+ 17:19 0:00 grep --color=auto nginx
[[email protected] conf]# kill 11821
[[email protected] conf]# ps -aux | grep nginx
root 12231 0.0 0.0 112712 968 pts/0 S+ 17:19 0:00 grep --color=auto nginx
V. Disabling the CentOS firewall
Disable the CentOS firewall
[[email protected] conf]#
[[email protected] conf]# systemctl stop firewalld
[[email protected] conf]#
[[email protected] conf]# systemctl disable firewalld
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
VI. Testing access from a client
All done.
Source: http://www.bubuko.com/infodetail-3012311.html