nginx配置https域名
<p> <span style="color: rgba(0, 0, 0, 1); font-size: 18pt"><strong>nginx安装配置支持https和配置https域名</strong></span></p><div class="cnblogs_code"><img id="code_img_closed_2636a4eb-c14e-4a17-9cc5-acdacc42b6b0" class="code_img_closed lazyload" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif"><img id="code_img_opened_2636a4eb-c14e-4a17-9cc5-acdacc42b6b0" class="code_img_opened lazyload" style="display: none" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ExpandedBlockStart.gif">
<div id="cnblogs_code_open_2636a4eb-c14e-4a17-9cc5-acdacc42b6b0" class="cnblogs_code_hide">
<pre><span style="color: rgba(0, 128, 128, 1)">1</span> yum install -y gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel</pre>
</div>
<span class="cnblogs_code_collapse">1、安装依赖</span></div>
<div class="cnblogs_code"><img id="code_img_closed_17179df6-f71a-4d86-82fd-ef0f6c99f68a" class="code_img_closed lazyload" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif"><img id="code_img_opened_17179df6-f71a-4d86-82fd-ef0f6c99f68a" class="code_img_opened lazyload" style="display: none" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ExpandedBlockStart.gif">
<div id="cnblogs_code_open_17179df6-f71a-4d86-82fd-ef0f6c99f68a" class="cnblogs_code_hide">
<pre><span style="color: rgba(0, 128, 128, 1)">1</span> <span style="color: rgba(0, 0, 0, 1)">wget http://nginx.org/download/nginx-1.10.2.tar.gz
</span><span style="color: rgba(0, 128, 128, 1)">2</span> <span style="color: rgba(0, 0, 0, 1)">tar -zxvfnginx-1.10.2.tar.gz
</span><span style="color: rgba(0, 128, 128, 1)">3</span> cd nginx-1.10.2/</pre>
</div>
<span class="cnblogs_code_collapse">2、下载nginx</span></div>
<p>3、配置nginx</p>
<p> </p>
<div class="cnblogs_code">
<pre>./configure</pre>
</div>
<div class="cnblogs_code"><img id="code_img_closed_11f75628-3705-49f6-a9f6-4be6f01d9f21" class="code_img_closed lazyload" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif"><img id="code_img_opened_11f75628-3705-49f6-a9f6-4be6f01d9f21" class="code_img_opened lazyload" style="display: none" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ExpandedBlockStart.gif">
<div id="cnblogs_code_open_11f75628-3705-49f6-a9f6-4be6f01d9f21" class="cnblogs_code_hide">
<pre><span style="color: rgba(0, 128, 128, 1)"> 1</span> <span style="color: rgba(0, 0, 0, 1)">./configure \
</span><span style="color: rgba(0, 128, 128, 1)"> 2</span> <span style="color: rgba(0, 0, 0, 1)">--prefix=/usr/local/nginx \
</span><span style="color: rgba(0, 128, 128, 1)"> 3</span> <span style="color: rgba(0, 0, 0, 1)">--conf-path=/usr/local/nginx/conf/nginx.conf \
</span><span style="color: rgba(0, 128, 128, 1)"> 4</span> <span style="color: rgba(0, 0, 0, 1)">--pid-path=/usr/local/nginx/conf/nginx.pid \
</span><span style="color: rgba(0, 128, 128, 1)"> 5</span> <span style="color: rgba(0, 0, 0, 1)">--lock-path=/var/lock/nginx.lock \
</span><span style="color: rgba(0, 128, 128, 1)"> 6</span> <span style="color: rgba(0, 0, 0, 1)">--error-log-path=/var/log/nginx/error.log \
</span><span style="color: rgba(0, 128, 128, 1)"> 7</span> <span style="color: rgba(0, 0, 0, 1)">--http-log-path=/var/log/nginx/access.log \
</span><span style="color: rgba(0, 128, 128, 1)"> 8</span> <span style="color: rgba(0, 0, 0, 1)">--with-http_gzip_static_module \
</span><span style="color: rgba(0, 128, 128, 1)"> 9</span> <span style="color: rgba(0, 0, 0, 1)">--http-client-body-temp-path=/var/temp/nginx/client \
</span><span style="color: rgba(0, 128, 128, 1)">10</span> <span style="color: rgba(0, 0, 0, 1)">--http-proxy-temp-path=/var/temp/nginx/proxy \
</span><span style="color: rgba(0, 128, 128, 1)">11</span> <span style="color: rgba(0, 0, 0, 1)">--http-fastcgi-temp-path=/var/temp/nginx/fastcgi \
</span><span style="color: rgba(0, 128, 128, 1)">12</span> <span style="color: rgba(0, 0, 0, 1)">--http-uwsgi-temp-path=/var/temp/nginx/uwsgi \
</span><span style="color: rgba(0, 128, 128, 1)">13</span> --http-scgi-temp-path=/var/temp/nginx/scgi</pre>
</div>
<span class="cnblogs_code_collapse">3.2、自定义配置</span></div>
<div class="cnblogs_code"><img id="code_img_closed_adf7fc05-97c6-46f9-8df0-6f2fe2701ff1" class="code_img_closed lazyload" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif"><img id="code_img_opened_adf7fc05-97c6-46f9-8df0-6f2fe2701ff1" class="code_img_opened lazyload" style="display: none" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ExpandedBlockStart.gif">
<div id="cnblogs_code_open_adf7fc05-97c6-46f9-8df0-6f2fe2701ff1" class="cnblogs_code_hide">
<pre><span style="color: rgba(0, 128, 128, 1)">1</span> ./configure --prefix=/usr/local/nginx --with-http_ssl_module</pre>
</div>
<span class="cnblogs_code_collapse">3.3、支持HTTPS</span></div>
<div class="cnblogs_code">
<pre>make</pre>
</div>
<div class="cnblogs_code"><img id="code_img_closed_01b79e0a-55c7-43a2-8ed8-506bb0971d68" class="code_img_closed lazyload" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif"><img id="code_img_opened_01b79e0a-55c7-43a2-8ed8-506bb0971d68" class="code_img_opened lazyload" style="display: none" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ExpandedBlockStart.gif">
<div id="cnblogs_code_open_01b79e0a-55c7-43a2-8ed8-506bb0971d68" class="cnblogs_code_hide">
<pre><span style="color: rgba(0, 128, 128, 1)">1</span> /usr/local/nginx/sbin/nginx -V</pre>
</div>
<span class="cnblogs_code_collapse">查看nginx是否支持</span></div>
<div class="cnblogs_code"><img id="code_img_closed_40014478-085e-476d-a560-1e3678aea20a" class="code_img_closed lazyload" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif"><img id="code_img_opened_40014478-085e-476d-a560-1e3678aea20a" class="code_img_opened lazyload" style="display: none" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ExpandedBlockStart.gif">
<div id="cnblogs_code_open_40014478-085e-476d-a560-1e3678aea20a" class="cnblogs_code_hide">
<pre><span style="color: rgba(0, 128, 128, 1)">1</span> <span style="color: rgba(0, 0, 0, 1)">./configure --with-http_ssl_module
</span><span style="color: rgba(0, 128, 128, 1)">2</span> make</pre>
</div>
<span class="cnblogs_code_collapse">如果没支持才编译一下</span></div>
<div class="cnblogs_code"><img id="code_img_closed_ce5a8d92-ae3c-4363-ba39-ba9b3b80ca39" class="code_img_closed lazyload" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif"><img id="code_img_opened_ce5a8d92-ae3c-4363-ba39-ba9b3b80ca39" class="code_img_opened lazyload" style="display: none" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ExpandedBlockStart.gif">
<div id="cnblogs_code_open_ce5a8d92-ae3c-4363-ba39-ba9b3b80ca39" class="cnblogs_code_hide">
<pre><span style="color: rgba(0, 128, 128, 1)"> 1</span> <span style="color: rgba(0, 0, 0, 1)"># 以下属性中以ssl开头的属性代表与证书配置有关,其他属性请根据自己的需要进行配置。
</span><span style="color: rgba(0, 128, 128, 1)"> 2</span> <span style="color: rgba(0, 0, 0, 1)">server {
</span><span style="color: rgba(0, 128, 128, 1)"> 3</span> <span style="color: rgba(0, 0, 0, 1)">listen 443 ssl; #SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。
</span><span style="color: rgba(0, 128, 128, 1)"> 4</span> <span style="color: rgba(0, 0, 0, 1)">server_name localhost;#将localhost修改为您证书绑定的域名,例如:www.example.com。
</span><span style="color: rgba(0, 128, 128, 1)"> 5</span> <span style="color: rgba(0, 0, 0, 1)">root html;
</span><span style="color: rgba(0, 128, 128, 1)"> 6</span> <span style="color: rgba(0, 0, 0, 1)">index index.html index.htm;
</span><span style="color: rgba(0, 128, 128, 1)"> 7</span> <span style="color: rgba(0, 0, 0, 1)">ssl_certificate cert/domain name.pem; #将domain name.pem替换成您证书的文件名。
</span><span style="color: rgba(0, 128, 128, 1)"> 8</span> <span style="color: rgba(0, 0, 0, 1)">ssl_certificate_key cert/domain name.key; #将domain name.key替换成您证书的密钥文件名。
</span><span style="color: rgba(0, 128, 128, 1)"> 9</span> <span style="color: rgba(0, 0, 0, 1)">ssl_session_timeout 5m;
</span><span style="color: rgba(0, 128, 128, 1)">10</span> <span style="color: rgba(0, 0, 0, 1)">ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;#使用此加密套件。
</span><span style="color: rgba(0, 128, 128, 1)">11</span> <span style="color: rgba(0, 0, 0, 1)">ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #使用该协议进行配置。
</span><span style="color: rgba(0, 128, 128, 1)">12</span> <span style="color: rgba(0, 0, 0, 1)">ssl_prefer_server_ciphers on;
</span><span style="color: rgba(0, 128, 128, 1)">13</span> <span style="color: rgba(0, 0, 0, 1)">location / {
</span><span style="color: rgba(0, 128, 128, 1)">14</span> <span style="color: rgba(0, 0, 0, 1)">root html; #站点目录。
</span><span style="color: rgba(0, 128, 128, 1)">15</span> <span style="color: rgba(0, 0, 0, 1)">index index.html index.htm;
</span><span style="color: rgba(0, 128, 128, 1)">16</span> <span style="color: rgba(0, 0, 0, 1)">}
</span><span style="color: rgba(0, 128, 128, 1)">17</span> }</pre>
</div>
<span class="cnblogs_code_collapse">按照下文中注释内容修改nginx.conf文件:</span></div>
<div class="cnblogs_code"><img id="code_img_closed_f67d702e-3bb7-4ba9-82ef-8e7bc9ee98da" class="code_img_closed lazyload" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif"><img id="code_img_opened_f67d702e-3bb7-4ba9-82ef-8e7bc9ee98da" class="code_img_opened lazyload" style="display: none" alt="" data-src="http://images.cnblogs.com/OutliningIndicators/ExpandedBlockStart.gif">
<div id="cnblogs_code_open_f67d702e-3bb7-4ba9-82ef-8e7bc9ee98da" class="cnblogs_code_hide">
<pre><span style="color: rgba(0, 128, 128, 1)">1</span> <span style="color: rgba(0, 0, 0, 1)">server {
</span><span style="color: rgba(0, 128, 128, 1)">2</span> <span style="color: rgba(0, 0, 0, 1)"> listen 80;
</span><span style="color: rgba(0, 128, 128, 1)">3</span> <span style="color: rgba(0, 0, 0, 1)"> server_name localhost; #将localhost修改为您证书绑定的域名,例如:www.example.com。
</span><span style="color: rgba(0, 128, 128, 1)">4</span> <span style="color: rgba(0, 0, 0, 1)">rewrite ^(.*)$ https://$host$1 permanent; #将所有http请求通过rewrite重定向到https。
</span><span style="color: rgba(0, 128, 128, 1)">5</span> <span style="color: rgba(0, 0, 0, 1)"> location / {
</span><span style="color: rgba(0, 128, 128, 1)">6</span> <span style="color: rgba(0, 0, 0, 1)">index index.html index.htm;
</span><span style="color: rgba(0, 128, 128, 1)">7</span> <span style="color: rgba(0, 0, 0, 1)">}
</span><span style="color: rgba(0, 128, 128, 1)">8</span> }</pre>
</div>
<span class="cnblogs_code_collapse">可选: 设置HTTP请求自动跳转HTTPS。</span></div>
<p>本博文参考https://blog.csdn.net/long690276759/article/details/82790002和阿里云官方文档https://yundunnext.console.aliyun.com/?spm=5176.12818093.network-security.dbuy.488716d0rd77Sk&p=cas#/overview/cn-hangzhou 来写出</p><br><br>
来源:https://www.cnblogs.com/guanzhuang/p/12221543.html
頁:
[1]