  • 编译Nginx, 并使用自签证书实现https访问

    1. 编译安装nginx1.8.1

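    # NOTE(review): the nginx 1.8 branch is long out of upstream support and no longer
    # receives security fixes. Outside a lab, build a currently supported release and
    # verify the source tarball's PGP signature before running ./configure.
    # --with-http_ssl_module is required for the HTTPS server block configured later.
    [root@centos7 nginx-1.8.1]# ./configure --prefix=/usr/local/nginx.1.8.1 --with-http_stub_status_module --with-http_ssl_module
    [root@centos7 nginx-1.8.1]# make && make install
    # Make the nginx binary reachable in the current shell.
    [root@centos7 nginx-1.8.1]# export PATH=$PATH:/usr/local/nginx.1.8.1/sbin
    # Single quotes keep $PATH literal so it is expanded at each login. With double
    # quotes, root's current PATH would be frozen into the file and would replace the
    # PATH of every user whose login shell sources /etc/profile.d/.
    [root@centos7 ~]# echo 'export PATH=$PATH:/usr/local/nginx.1.8.1/sbin' > /etc/profile.d/nginx.sh
    # Check the man-db mapping for the sbin directory (the entry shown was presumably
    # added to /etc/man_db.conf by hand beforehand).
    [root@centos7 ~]# grep nginx /etc/man_db.conf
    MANPATH_MAP /usr/local/nginx.1.8.1/sbin	/usr/local/nginx.1.8.1/man
    # Install the man page into the directory named by that mapping.
    [root@centos7 ~]# mkdir -p /usr/local/nginx.1.8.1/man/man8/
    [root@centos7 ~]# cp /home/Allen/nginx-1.8.1/man/nginx.8 /usr/local/nginx.1.8.1/man/man8/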
    

    2. nginx加入systemd管理

    [root@centos7 nginx-1.8.1]# vim /etc/systemd/system/nginx.service
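    [Unit]
    Description=nginx server daemon
    Documentation=man:nginx(8)
    After=network.target
    
    [Service]
    # nginx daemonizes itself: the process launched by ExecStart forks the master and exits.
    Type=forking
    # Tell systemd which PID is the master instead of letting it guess. This path is the
    # compiled-in default for this --prefix; keep it in sync with any "pid" directive in nginx.conf.
    PIDFile=/usr/local/nginx.1.8.1/logs/nginx.pid
    # Refuse to start on a configuration that fails nginx's own syntax test.
    ExecStartPre=/usr/local/nginx.1.8.1/sbin/nginx -t
    ExecStart=/usr/local/nginx.1.8.1/sbin/nginx
    ExecReload=/usr/local/nginx.1.8.1/sbin/nginx -s reload
    # "quit" is the graceful shutdown signal: workers finish in-flight requests first.
    ExecStop=/usr/local/nginx.1.8.1/sbin/nginx -s quit
    # Give the service its own /tmp and /var/tmp so it neither sees nor writes into the
    # shared temporary directories.
    PrivateTmp=true
    
    [Install]
    WantedBy=multi-user.target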
    
    [root@centos7 nginx-1.8.1]# systemctl daemon-reload
    

    3. 证书自签名

    [root@centos7 ~]# vim req.cnf
    # OpenSSL request configuration consumed by the `openssl req -x509 ... -config req.cnf` command that follows.
    # NOTE(review): there is no [req] section header, so these three settings sit in the unnamed
    # default section. Presumably `openssl req` finds them through its default-section fallback;
    # confirm, or add an explicit [req] line.
    distinguished_name = req_distinguished_name
    # With -x509, the extensions listed in [v3_req] are written into the self-signed certificate.
    x509_extensions = v3_req
    # Take the subject from this file instead of prompting interactively.
    prompt = no
    [req_distinguished_name]
    # NOTE(review): "EN" is not an assigned ISO 3166-1 country code; "CN" was probably intended.
    C = EN
    ST = Beijing
    L = Beijing
    O = jzbg
    OU = Ops
    CN = www.jzbg.com
    [v3_req]
    # NOTE(review): keyAgreement has no meaning for an RSA key. Because the extension is critical
    # and keyEncipherment is absent, the key is authorised for signatures only (ECDHE suites);
    # strict clients may reject static-RSA key-exchange suites with this certificate.
    keyUsage = critical, digitalSignature, keyAgreement
    # The certificate is valid for TLS server authentication only.
    extendedKeyUsage = serverAuth
    # NOTE(review): basicConstraints is not set. Because this certificate is later imported into
    # a Windows trust store, consider stating CA:FALSE explicitly so it cannot be treated as an
    # issuing CA; verify that your clients still accept it.
    subjectAltName = @alt_names
    [ alt_names ]
    # Must equal the host name clients connect to; browsers match against SAN entries.
    DNS.1 = www.jzbg.com
    
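    # `make install` does not create an ssl/ directory; create it first and keep it root-only.
    [root@centos7 ~]# mkdir -p -m 700 /usr/local/nginx.1.8.1/ssl
    # -nodes writes the private key unencrypted, so file permissions are its only protection.
    # -days 365 means the certificate must be regenerated and re-imported within a year.
    [root@centos7 ~]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /usr/local/nginx.1.8.1/ssl/private.key -out /usr/local/nginx.1.8.1/ssl/nginx.crt -config req.cnf -sha256
    # Depending on the OpenSSL version and umask, the key file may be created world-readable.
    # Restrict it explicitly; the root-owned nginx master process can still read it.
    [root@centos7 ~]# chmod 600 /usr/local/nginx.1.8.1/ssl/private.key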
    

    4. 配置nginx

    [root@centos7 ~]# vim /usr/local/nginx.1.8.1/conf/nginx.conf
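    server {
        # The "ssl" parameter on listen is what enables TLS for this socket. No separate
        # "ssl on;" directive is needed; it is redundant here and deprecated in later nginx releases.
        listen       19972 ssl;
        server_name  www.jzbg.com;
    
        ssl_certificate      /usr/local/nginx.1.8.1/ssl/nginx.crt;
        # The key was generated unencrypted (-nodes): keep this file readable by root only.
        ssl_certificate_key  /usr/local/nginx.1.8.1/ssl/private.key;
        ssl_session_timeout 5m;
        # TLS 1.0 and 1.1 are deprecated, so only TLS 1.2 is offered
        # (the TLSv1.3 parameter does not exist in nginx 1.8.x).
        ssl_protocols TLSv1.2;
        # Forward-secret AEAD suites only. A catch-all such as "HIGH" would also admit
        # CBC-mode and static-RSA key-exchange suites. ECDHE needs only the digitalSignature
        # key usage that req.cnf grants. Clients without ECDHE + AES-GCM will not connect.
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers on;
        location / {
            # Relative path: resolved against the --prefix directory.
            root   html;
            error_page   500 502 503 504  /50x.html;
            index  index.html index.htm;
        }
    }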
    

    5. 启动nginx

    [root@centos7 nginx-1.8.1]# systemctl start nginx
    [root@centos7 nginx-1.8.1]# ss -ant | grep 19972
    LISTEN     0      128          *:19972                    *:*                  
    

    此时访问会出现如下问题:由于证书是自签名的,浏览器会提示证书不受信任

    6. 在Windows中导入证书(只导入 nginx.crt,私钥 private.key 不要离开服务器)

    7. 测试效果

    正常访问,不报证书错误

  • 原文地址:https://www.cnblogs.com/jzbgltb/p/9967069.html