当前位置:首页 » 《关注互联网》 » 正文

nginx ssl证书配置

14 人参与  2024年04月15日 15:05  分类 : 《关注互联网》  评论

点击全文阅读


文章目录

前言一、ssl证书二、nginx配置ssl证书总结


前言

linux服务器nginx配置ssl证书。


一、ssl证书

需要申请域名,然后域名解析到你的外网服务器ip,然后申请ssl证书,然后下载下来,一般ssl证书可以通过 tomcat nginx等配置;

二、nginx配置ssl证书

更新yum
yum update yum
gcc安装
yum -y install gcc gcc-c++ autoconf automake make
其他安装
yum -y install zlib zlib-devel pcre-devel openssl openssl-devel
找个位置下载nginx 例如: /usr/local/src
wget https://nginx.org/download/nginx-1.24.0.tar.gz
当前位置解压
tar -zxvf nginx-1.24.0.tar.gz
创建用户组 用户
groupadd nginxuseradd nginx -g nginx -s /sbin/nologin -M
进入解压后的目录 编译nginx并加入ssl 安装
# 配置ssl./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --user=nginx --group=nginx# 安装编译make &&make install
修改nginx文件夹归属
chown -R nginx:nginx /usr/local/nginx
可在安装路径中 /usr/local/nginx/sbin 启动nginx
#启动./nginx#重启./nginx -s reload#关闭./nginx -s stop#验证配置nginx.conf正确./nginx -t
访问地址 ip 是否能看到nginx默认页面.ok后,停止nginx下载证书 改名字,上传到nginx的安装目录的conf的cert文件下 默认安装位置为: /usr/local/nginx/conf/cert
server.crtserver.key
修改nginx.conf 所在位置为 /usr/local/nginx/conf
● 代理vue前端页面
● 代理后端接口为/api/ 去掉此前缀 转发到服务器的9000端口
#user  nobody;worker_processes  1;#error_log  logs/error.log;#error_log  logs/error.log  notice;#error_log  logs/error.log  info;#pid        logs/nginx.pid;events {    worker_connections  1024;}http {    include       mime.types;    default_type  application/octet-stream;    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '    #                  '$status $body_bytes_sent "$http_referer" '    #                  '"$http_user_agent" "$http_x_forwarded_for"';    #access_log  logs/access.log  main;    sendfile        on;    #tcp_nopush     on;    #keepalive_timeout  0;    keepalive_timeout  65;    #gzip  on;    server {        listen       80;              server_name  localhost;        location / {            # 前端地址在 /usr/local/nginx/html/dist            root   html/dist/;            index  index.html index.htm;            # 刷新404            try_files $uri $uri/ /index.html;        }      # 代理服务端接口    location /api/ {           default_type  application/json;           proxy_pass http://ip:9000;           rewrite /api/(.*) /$1 break;           proxy_set_header Host $host;           proxy_set_header X-Real-IP $remote_addr;           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;           proxy_pass_request_headers on;           proxy_next_upstream error timeout;     }        #error_page  404              /404.html;        # redirect server error pages to the static page /50x.html        #        error_page   500 502 503 504  /50x.html;        location = /50x.html {            root   html;        }    }}
配置证书的完整 nginx.conf
#user  nobody;worker_processes  1;#error_log  logs/error.log;#error_log  logs/error.log  notice;#error_log  logs/error.log  info;#pid        logs/nginx.pid;events {    worker_connections  1024;}http {    include       mime.types;    default_type  application/octet-stream;    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '    #                  '$status $body_bytes_sent "$http_referer" '    #                  '"$http_user_agent" "$http_x_forwarded_for"';    #access_log  logs/access.log  main;    sendfile        on;    #tcp_nopush     on;    #keepalive_timeout  0;    keepalive_timeout  65;    #gzip  on;    server {        listen       80;           server_name  localhost;        location / {            root   html/dist/;            index  index.html index.htm;            try_files $uri $uri/ /index.html;        }         # 代理服务端接口    location /dev-api/ {           default_type  application/json;           proxy_pass http://ip:9000;           rewrite /dev-api/(.*) /$1 break;           proxy_set_header Host $host;           proxy_set_header X-Real-IP $remote_addr;           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;           proxy_pass_request_headers on;           proxy_next_upstream error timeout;     }      # 代理图片服务接口     location /image/ {           default_type  application/json;           rewrite /image/(.*) /$1 break;           proxy_pass https://test-lsdj.obs.cn-north-4.myhuaweicloud.com/;           proxy_pass_request_headers on;           proxy_next_upstream error timeout;      }        #error_page  404              /404.html;        # redirect server error pages to the static page /50x.html        #        error_page   500 502 503 504  /50x.html;        location = /50x.html {            root   html;        }        # proxy the PHP scripts to Apache listening on 127.0.0.1:80        #        #location ~ \.php$ {        #    proxy_pass   http://127.0.0.1;        #}        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000        #        #location ~ \.php$ {        #    root           html;        #    fastcgi_pass   127.0.0.1:9000;        #    fastcgi_index  index.php;        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;        #    include        fastcgi_params;        #}        # deny access to .htaccess files, if Apache's document root        # concurs with nginx's one        #        #location ~ /\.ht {        #    deny  all;        #}    }    # another virtual host using mix of IP-, name-, and port-based configuration    #    #server {    #    listen       8000;    #    listen       somename:8080;    #    server_name  somename  alias  another.alias;    #    location / {    #        root   html;    #        index  index.html index.htm;    #    }    #}    # HTTPS server ssl 配置    #    server {        listen       443 ssl;        # 自己申请的域名        server_name  www.baidu.com;        ssl_certificate      cert/server.crt;        ssl_certificate_key  cert/server.key;        # 一下配置同之前的配置即可        location / {            root   html/dist/;            index  index.html index.htm;            try_files $uri $uri/ /index.html;        }         # 代理服务端接口    location /api/ {           default_type  application/json;           proxy_pass http://ip:9000;           rewrite /api/(.*) /$1 break;           proxy_set_header Host $host;           proxy_set_header X-Real-IP $remote_addr;           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;           proxy_pass_request_headers on;           proxy_next_upstream error timeout;     }}

13 . 可在安装路径中 /usr/local/nginx/sbin 启动,验证是否正确

./nginx

也就是相当于,没有ssl的时候, 配置好代理后可以用验证完毕;
当配置ssl的时候,之前的配置就用不到了,因为ssl是443端口,所以需要全部重新配置;并配置ssl开启 以及证书相关;

总结

至此 已经可以成功通过域名访问到服务器的页面了~~


点击全文阅读


本文链接:http://zhangshiyu.com/post/95586.html

<< 上一篇 下一篇 >>

  • 评论(0)
  • 赞助本站

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

关于我们 | 我要投稿 | 免责申明

Copyright © 2020-2022 ZhangShiYu.com Rights Reserved.豫ICP备2022013469号-1