zoukankan      html  css  js  c++  java

  • ssl + nginx + tomcat 部署方案

    安装make

    yum -y install gcc automake autoconf libtool make

    安装g++

    yum install gcc gcc-c++

    安装PCRE

    cd /usr/local/src
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.34.tar.gz 
tar -zxvf pcre-8.34.tar.gz
cd pcre-8.34
./configure
make
make install

    安装zlib

    cd /usr/local/src
wget http://zlib.net/zlib-1.2.8.tar.gz
tar -zxvf zlib-1.2.8.tar.gz
cd zlib-1.2.8
./configure
make
make install

    安装ssl

    cd /usr/local/src
wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz
tar -zxvf openssl-1.0.1c.tar.gz

    安装nginx

    cd /usr/local/src
wget http://nginx.org/download/nginx-1.4.2.tar.gz
tar -zxvf nginx-1.4.2.tar.gz
cd nginx-1.4.2
./configure --sbin-path=/usr/local/nginx/nginx 
--conf-path=/usr/local/nginx/nginx.conf 
--pid-path=/usr/local/nginx/nginx.pid 
--with-http_ssl_module 
--with-pcre=/usr/local/src/pcre-8.34 
--with-zlib=/usr/local/src/zlib-1.2.8 
--with-openssl=/usr/local/src/openssl-1.0.1c
    #--with-pcre=/usr/src/pcre-8.34 指的是pcre-8.34 的源码路径。
    #--with-zlib=/usr/src/zlib-1.2.7 指的是zlib-1.2.7 的源码路径。
make
make install

    安装成功后 自动生成nginx目录

    /usr/local/nginx

    启动nginx

    /usr/local/nginx/nginx

    关闭nginx

    /usr/local/nginx/stop_nginx

#!/bin/bash
kill -9 $(ps -ef | grep nginx | grep -v grep | awk '{print $2}')

    验证效果

    打开浏览器访问此机器的 IP,如果浏览器出现 Welcome to nginx! 则表示 Nginx 已经安装并运行成功。

    通过https访问

    安装openssl和openssl-devel

    #yum install openssl
#yum install openssl-devel

    颁发证书

    #mkdir /usr/local/nginx/ssl
    #cd /usr/local/nginx/ssl
#openssl genrsa -des3 -out server.key 1024
#openssl req -new -key server.key -out server.csr
#openssl rsa -in server.key -out server_nopwd.key
#openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt

    配置nginx.conf

     server {
        #listen       80;
        listen 443;
        server_name  localhost;
        #charset koi8-r;
        #access_log  logs/host.access.log  main;
        ssl on;
        ssl_certificate /usr/local/nginx/conf/server.crt;
        ssl_certificate_key /usr/local/nginx/conf/server.key;
        ssl_session_timeout 5m;
        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers on;

    重启nginx

    注:如果出现“[emerg] 10464#0: unknown directive "ssl" in /usr/local/nginx-0.6.32/conf/nginx.conf:74”则说明没有将ssl模块编译进nginx,在configure的时候加上“--with-http_ssl_module”
  • 相关阅读:
    SpringBoot学习之@Configuration注解和@Bean注解
    @EnableTransactionManagement的使用
    @ENABLECACHING 基于注解的缓存
    SpringBoot热部署的两种方式
    日志组件slf4j介绍及配置详解
    springboot(十)使用LogBack作为日志组件
    springboot(11)使用SpringBoot validator进行数据验证
    界面控件DevExpress发布v18.2.5|附下载
    DevExpress WinForms使用教程:WinForms Sunburst控件
    DevExpress ASP.NET v18.2新功能详解(一)
  • 原文地址:https://www.cnblogs.com/Javame/p/5072405.html
Copyright © 2011-2022 走看看