Nginx 安装 SSL 配置 HTTPS
查看 nginx 是否安装 http_ssl_module 模块。
$ /usr/local/nginx/sbin/nginx -V # nginx -V 部分系统也可以
configure arguments: —prefix=/usr/share/nginx —sbin-path=/usr/sbin/nginx —modules-path=/usr/lib64/nginx/modules —conf-path=/etc/nginx/nginx.conf —error-log-path=/var/log/nginx/error.log —http-log-path=/var/log/nginx/access.log —http-client-body-temp-path=/var/lib/nginx/tmp/client_body —http-proxy-temp-path=/var/lib/nginx/tmp/proxy —http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi —http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi —http-scgi-temp-path=/var/lib/nginx/tmp/scgi —pid-path=/run/nginx.pid —lock-path=/run/lock/subsys/nginx —user=nginx —group=nginx —with-file-aio —with-ipv6 —with-http_ssl_module --with-http_v2_module —with-http_realip_module —with-stream_ssl_preread_module —with-http_addition_module —with-http_xslt_module=dynamic —with-http_image_filter_module=dynamic —with-http_sub_module —with-http_dav_module —with-http_flv_module —with-http_mp4_module —with-http_gunzip_module —with-http_gzip_static_module —with-http_random_index_module —with-http_secure_link_module —with-http_degradation_module —with-http_slice_module —with-http_stub_status_module —with-http_perl_module=dynamic —with-http_auth_request_module —with-mail=dynamic —with-mail_ssl_module —with-pcre —with-pcre-jit —with-stream=dynamic —with-stream_ssl_module —with-google_perftools_module —with-debug —with-cc-opt=’-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong —param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic’ —with-ld-opt=’-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E’
如上图有‘--with-http_ssl_module’ 这个选项,表示已经安装SSL模块。可直接进入配置nginx.conf 配置
Nginx.conf 配置
编辑 /usr/local/nginx/conf/nginx.conf 配置文件:
配置 https server。注释掉之前的 http server 配置,新增 https server:
server {# 服务器端口使用443,开启ssl, 这里ssl就是上面安装的ssl模块listen 443 ssl;# 域名,多个以空格分开server_name hack520.com www.hack520.com;# ssl证书地址ssl_certificate /usr/local/nginx/cert/ssl.pem; # pem文件的路径ssl_certificate_key /usr/local/nginx/cert/ssl.key; # key文件的路径# ssl验证相关配置ssl_session_timeout 5m; #缓存有效期ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议ssl_prefer_server_ciphers on; #使用服务器端的首选算法location / {root html;index index.html index.htm;}}
将 http 重定向 https。
server {listen 80;server_name hack520.com www.hack520.com;return 301 https://$server_name$request_uri;}
重启 nginx
$ /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
如果 80 端口被占用,用kill [id]来结束进程:
# 查看端口使用$ netstat -lntpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program nametcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21307/nginx: mastertcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3072/sshdtcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 21307/nginx: master# 结束 80 端口进程$ kill 21307
再次重启 nginx:
$ /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
或者:
service nginx restart
更多内容请登录www.mihaoyun.com查看
女爷i
朱雀
Myth丶恋晨
系统管理员
还没有评论,来说两句吧...