nginxssl证书配置
1、Nginx安装与配置
成都创新互联公司专注于企业全网营销推广、网站重做改版、高密网站定制设计、自适应品牌网站建设、html5、购物商城网站建设、集团公司官网建设、外贸营销网站建设、高端网站制作、响应式网页设计等建站业务,价格优惠性价比高,为高密等各大城市提供网站开发制作服务。
安装pcre #cd /usr/local/src #yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel #wget http://downloads.sourceforge.net/project/pcre/pcre/8.35/pcre-8.35.tar.gz # tar zxvf pcre-8.35.tar.gz #cd pcre-8.35 # ./configure # make && make install 安装nginx #wget http://nginx.org/download/nginx-1.13.0.tar.gz # tar zxvf nginx-1.13.0.tar.gz #./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/usr/local/src/pcre-8.35 # make && make install 创建 Nginx 运行使用的用户 www: # groupadd www # useradd -g www www
配置nginx.conf ,将/usr/local/nginx/conf/nginx.conf替换为以下内容
[root@bogon conf]# cat /usr/local/nginx/conf/nginx.conf user www www; worker_processes 2; #设置值和CPU核心数一致 error_log /usr/local/webserver/nginx/logs/nginx_error.log crit; #日志位置和日志级别 pid /usr/local/webserver/nginx/nginx.pid; #Specifies the value for maximum file descriptors that can be opened by this process. worker_rlimit_nofile 65535; events { use epoll; worker_connections 65535; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for'; #charset gb2312; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; #limit_zone crawler $binary_remote_addr 10m; #下面是server虚拟主机的配置 server { listen 80;#监听端口 server_name localhost;#域名 index index.html index.htm index.php; root /usr/local/nginx/html;#站点目录 location ~ .*\.(php|php5)?$ { #fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$ { expires 30d; # access_log off; } location ~ .*\.(js|css)?$ { expires 15d; # access_log off; } access_log off; } }
Nginx 其他命令
以下包含了 Nginx 常用的几个命令:
#/usr/local/nginx/sbin/nginx -t #测试nginx配置正确性 # /usr/local/nginx/sbin/nginx #启动Nginx #/usr/local/nginx/sbin/nginx -s reload # 重新载入配置文件 #/usr/local/nginx/sbin/nginx -s reopen # 重启 Nginx #/usr/local/nginx/sbin/nginx -s stop # 停止 Nginx
2、Nginx SSl安装与配置
#yum install openssl -y #yum install openssl-devel -y #cd /usr/local/nginx/ssl #openssl genrsa -des3 -out server.key 1024 #openssl req -new -key server.key -out server.csr #openssl rsa -in server.key -out server_nopwd.key #openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt 完成上述后,我们在目录下会得到以下文件 # ls server.crt server.csr server.key server_nopwd.key 编辑nginx配置文件,加入以下语句 #vi nginx.conf server { listen 80; listen 443 ssl; #开启ssl server_name localhost; ssl_certificate ssl/server.crt; #证书配置 ssl_certificate_key ssl/server_nopwd.key; #证书配置 ..... ..... } 重启nginx,这样就生效了
验证
文章名称:nginxssl证书配置
网站链接:http://pcwzsj.com/article/iiejjj.html