zoukankan      html  css  js  c++  java
  • Nginx server之Nginx添加ssl支持

    //环境介绍

    1.nginx服务器:10.10.54.157

    2.配置nginx服务器,当监听到来自客户端www.zijian.com:80请求时,转到10.10.54.150:1500这个web服务器上

    3.配置nginx服务器支持ssl加密传输协议

    //生成nginx服务器需要的证书文件

    1.创建网站证书存放目录
    shell> mkdir /usr/local/nginx/conf/ssl
    shell> cd /usr/local/nginx/conf/ssl
    
    2.制作CA证书
    shell> openssl genrsa -des3 -out ca.key 2048
    shell> openssl req -new -x509 -days 7305 -key ca.key -out ca.crt
    
    3.生成nginx服务器所需证书,并用CA签名
    shell> openssl genrsa -des3 -out client.key 1024
    shell> openssl req -new -key client.key -out client.csr
    shell> openssl x509 -req -in client.csr -out client.pem -signkey client.key -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650
    
    4.查看证书文件
    shell> pwd
    /usr/local/nginx/conf/ssl
    shell> ls
    ca.crt  ca.key  ca.srl  client.csr  client.key  client.pem
    

      //配置nginx支持ssl传输协议

    shell> vim /usr/local/nginx/conf/nginx.conf
    ------------------------------------------------
    user  apache apache;
    worker_processes  2;
    error_log  logs/error_nginx.log;
    pid        logs/nginx.pid;
    events {
        worker_connections  1024;
    }
    
    http {
            include       mime.types;
            default_type  application/octet-stream;
            log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
            access_log  logs/access_nginx.log  main;
            sendfile        on;
            tcp_nopush      on;
            keepalive_timeout  65;
            gzip  on;
    
    server {
            listen       443;
            server_name  www.zijian.com;
             charset uft-8;
             access_log logs/www.access.log main;
             root /var/www/html;
             location / {
             index index.html index.htm;
              }
    
             ssl                  on;
             ssl_certificate      /usr/local/nginx/conf/ssl/client.pem;
             ssl_certificate_key  /usr/local/nginx/conf/ssl/client.key;
    
          }
    }
    --------------------------------------------------------
    
    #上面的配置只支持https://www.zijian.com 访问,因为监听端口只开了443端口,普通的http协议的80端口并未开放
    #要开放http和https,再加上下面这一条server
    ------------------------------------------------
    server {
            listen       80;
            server_name  www.zijian.com;
             charset uft-8;
             access_log logs/www.access.log main;
             root /var/www/html;
             location / {
             proxy_pass http://10.10.54.150:1500;
              }
          }
          
    #当用户使用http协议浏览该网站时,自动跳转到10.10.54.150:1500上
    ------------------------------------------------
    

      

  • 相关阅读:
    12. nc/netcat 用法举例
    7. 由一道ctf学习变量覆盖漏洞
    11. 几点基于Web日志的Webshell检测思路
    约瑟夫环
    栈结构的经典算法题
    二叉查找树之二
    fork与vfork
    数组常见算法题
    赛马问题
    fibonacci 数列及其应用
  • 原文地址:https://www.cnblogs.com/chjbbs/p/6802923.html
Copyright © 2011-2022 走看看