【一】nginx安装
nginx安装带ssl扩展:
cd /usr/local/src #进入用户目录
wget http://nginx.org/download/nginx-1.15.0.tar.gz #下载最新版本nginx
tar -zxvf nginx-1.15.0.tar.gz #解压
cd nginx-1.15.0 #进入目录
./configure --prefix=/opt/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-http_realip_module --with-http_image_filter_module #检测
说明--prefix 指定安装目录
make #编译
make install #安装
安装服务实现自启动:
#vim /lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/opt/nginx/sbin/nginx
ExecReload=/opt/nginx/sbin/nginx -s reload
ExecStop=/opt/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
#chmod 754 /lib/systemd/system/nginx.service
#systemctl start nginx.service
#systemctl enable nginx.service
常用命令:启动nginx服务
/opt/nginx/sbin/nginx
常用命令:平滑重启nginx
/opt/nginx/sbin/nginx -s reload
【二】nginx配置ssl
cd / #找到根目录
find -name nginx.conf #查找nginx.conf的配置文件
vi /opt/nginx/conf/nginx.conf
upstream hello{
server 127.0.0.1:3000;
}
server {
listen 80;
server_name ssl.22.cn;
rewrite ^(.*)$ https://$host$1 permanent; #http强制跳转https
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_pass http://hello; #代理
}
}
# HTTPS server
server {
listen 443 ssl;
server_name ssl.22.cn;
ssl_certificate key/ssl.22.cn_ssl.crt; #证书
ssl_certificate_key key/ssl.22.cn_ssl.key; #私钥
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://hello;
}
}
【三】如何生成证书?
上 https://ssl.22.cn 申请个免费证书