  • nginx配置https证书

    一,配置流程

    1,准备证书文件

    本人以阿里云服务器下载的免费证书资源包为例(每个账号可申请一年的免费证书):

    5131387_www.goking.site.key
    
    5131387_www.goking.site.pem

    2,在nginx安装目录的conf目录下创建证书文件夹cert,并把两个证书文件放到里面(其中.key文件是私钥,不要放在网站根目录下)

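    cd /usr/local/nginx/conf
    
    # This directory will hold the TLS private key, so create it without group/other access.
    mkdir -m 700 cert
    # After copying the two files in, restrict the private key as well:
    #   chmod 600 cert/5131387_www.goking.site.key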

    如图把证书放到 /usr/local/nginx/conf/cert下

     3,修改nginx.conf文件,增加https配置项

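    server {
        listen 443 ssl;
        server_name www.goking.site;

        # Paths are relative to the nginx conf directory. The .key file is the private key:
        # keep it readable only by the account that starts nginx.
        ssl_certificate cert/5131387_www.goking.site.pem;
        ssl_certificate_key cert/5131387_www.goking.site.key;

        # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLS 1.2 and 1.3 are offered.
        # TLSv1.3 takes effect only when nginx is built against OpenSSL 1.1.1 or newer.
        ssl_protocols TLSv1.2 TLSv1.3;
        # Forward-secret AEAD suites only. The previous list enabled RC4 (prohibited by RFC 7465),
        # allowed non-forward-secret RSA key exchange and excluded AES-GCM via !AESGCM.
        # Very old clients without TLS 1.2 / ECDHE support will no longer connect.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        # TLS terminates here; requests are forwarded in clear text to the local HTTP server.
        location / {
            proxy_pass   http://127.0.0.1:80;
            # root   html;
            # index  index.html index.htm;
        }
    }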

    4,保存配置文件,重启nginx

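    # Test the configuration first; reload only if it parses and the certificate/key load.
    /usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx -s reload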

    5,如果使用的是阿里云服务器,请打开对外端口443

    6,https已配置成功!

    二,问题总结

    启动nginx时,报错如下:

    nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf:37

    需要Nginx开启SSL模块,解决如下:

    1,进入nginx源码包文件夹

    cd /usr/local/nginx-1.16.1/

    2, 查看nginx已开启的模块

    /usr/local/nginx/sbin/nginx -V

    下图是我已开启后的,未开启的没有 --with-http_ssl_module

     3,增加configure参数如下,确认目录并执行

    ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

    4,进行编译

    make

    5,拷贝源码编译后的nginx,并先进行备份

    cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
    
    cp ./objs/nginx /usr/local/nginx/sbin/

    6,查看是否添加成功

    /usr/local/nginx/sbin/nginx -V

     7,重启nginx,ok

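    # "-s reload" keeps the already-running master process, i.e. the old binary without the
    # SSL module. Check the config with the new binary, then stop and start nginx so the
    # rebuilt binary is the one serving (skip the stop if nginx is not running).
    /usr/local/nginx/sbin/nginx -t
    /usr/local/nginx/sbin/nginx -s stop
    /usr/local/nginx/sbin/nginx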

    三,贴出配置的nginx.conf

    以下仅为简单配置,覆盖以下知识点:

    1,log日志自定义格式化

    2,PHP配置项

    3,http、https域名配置

    4,nginx代理转发

    nginx.conf配置文件如下:

    #user  nobody;
    worker_processes  1;
    
    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;
    
    #pid        logs/nginx.pid;
    
    
    events {
        worker_connections  1024;
    }
    
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
    
        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';
        
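        # JSON access log. escape=json makes nginx escape characters that are not allowed in
        # JSON strings, so client-supplied values (URI, referer, user agent, X-Forwarded-For)
        # cannot break out of their field.
        # $request_body is not logged: it would write submitted passwords, tokens and form
        # data into logs/access.log in clear text. The duplicate "body_bytes_sent" key was
        # also dropped so that each key appears once in the object.
        log_format json_combined escape=json '{"@timestamp":"$time_iso8601",'
                          '"@source":"$server_addr",'
                          '"@nginx_fields":{'
                          '"remote_addr":"$remote_addr",'
                          '"remote_user":"$remote_user",'
                          '"body_bytes_sent":"$body_bytes_sent",'
                          '"request_time":"$request_time",'
                          '"status":"$status",'
                          '"host":"$host",'
                          '"uri":"$uri",'
                          '"server":"$server_name",'
                          '"port":"$server_port",'
                          '"protocol":"$server_protocol",'
                          '"request_uri":"$request_uri",'
                          '"request_method":"$request_method",'
                          '"http_referrer":"$http_referer",'
                          '"http_x_forwarded_for":"$http_x_forwarded_for",'
                          '"http_user_agent":"$http_user_agent",'
                          '"upstream_response_time":"$upstream_response_time",'
                          '"upstream_addr":"$upstream_addr"}}';
        access_log  logs/access.log  json_combined;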
    
        sendfile        on;
        #tcp_nopush     on;
    
        #keepalive_timeout  0;
        keepalive_timeout  65;
    
        #gzip  on;
    
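        # Plain-HTTP server. The HTTPS server in this file proxies "/" to it on 127.0.0.1:80.
        server {
            listen       80;
            server_name  localhost;

            #charset koi8-r;

            #access_log  logs/host.access.log  main;

            location / {
                root   /var/www/html;
                index  index.html index.htm index.php;
                try_files $uri $uri/ /napir-cms/index.html;
            }

            # NOTE(review): this forwards requests over unencrypted HTTP to an external address.
            # NOTE(review): with "rewrite ... break" nginx sends the rewritten URI upstream and
            # ignores the path part given in proxy_pass; confirm the upstream receives the
            # intended path.
            location /crm {
                rewrite  ^.+crm/?(.*)$ /$1 break;
                proxy_pass  http://103.228.204.49:8089/ISV/CrmInsideService.svc;
            }

            #error_page  404              /404.html;

            # redirect server error pages to the static page /50x.html
            #
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }

            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ .php$ {
            #    proxy_pass   http://127.0.0.1;
            #}

            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location /forum {
            #    try_files $uri $uri/ /forum/index.php;
            #}

            # The dot is escaped so that only URIs ending in ".php" match; the unescaped
            # ".php$" matched any character followed by "php".
            location ~* \.php$ {
                #root           html;
                root   /var/www/html;
                # Hand only existing files to PHP, so a path such as /upload/a.jpg/x.php is
                # answered with 404 instead of being resolved by the PHP interpreter.
                try_files $uri =404;
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                include        fastcgi_params;
                fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
                #fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            }

            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /.ht {
            #    deny  all;
            #}
        }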
    
    
        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        #server {
        #    listen       8000;
        #    listen       somename:8080;
        #    server_name  somename  alias  another.alias;
    
        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}
    
    
        # HTTPS server
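        server {
            #listen 80 default backlog=2048;
            listen 443 ssl;
            # "ssl on" is deprecated; the ssl parameter on the listen line replaces it.
            #ssl on;
            server_name www.goking.site;
            #root /var/www/html;

            # Paths are relative to the nginx conf directory. The .key file is the private key:
            # keep it readable only by the account that starts nginx.
            ssl_certificate cert/5131387_www.goking.site.pem;
            ssl_certificate_key cert/5131387_www.goking.site.key;

            # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLS 1.2 and 1.3 are offered.
            # TLSv1.3 takes effect only when nginx is built against OpenSSL 1.1.1 or newer.
            ssl_protocols TLSv1.2 TLSv1.3;
            # Forward-secret AEAD suites only. The previous list enabled RC4 (prohibited by
            # RFC 7465), allowed non-forward-secret RSA key exchange and excluded AES-GCM.
            # Very old clients without TLS 1.2 / ECDHE support will no longer connect.
            ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
            ssl_prefer_server_ciphers on;
            ssl_session_cache shared:SSL:10m;
            ssl_session_timeout 10m;

            # TLS terminates here; requests are forwarded in clear text to the local HTTP server.
            location / {
                proxy_pass   http://127.0.0.1:80;
                # root   html;
                # index  index.html index.htm;
            }

            # Second candidate is "$uri/" (directory), matching the commented-out /forum block
            # of the HTTP server; the original listed "$uri" twice.
            location /forum {
                try_files $uri $uri/ /forum/index.php;
            }

            # The dot is escaped so that only URIs ending in ".php" match.
            location ~* \.php$ {
                root   /var/www/html;
                # Hand only existing files to PHP, so a path such as /upload/a.jpg/x.php is
                # answered with 404 instead of being resolved by the PHP interpreter.
                try_files $uri =404;
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                include        fastcgi_params;
                fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
            }
        }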
    }

      

  • 原文地址:https://www.cnblogs.com/front-web/p/14357402.html