标签:config efault 下载文件 rsa 验证配置 col template nbsp aio
最近想把网站加上ssl证书,只能在nginx上使用,就顺便了解下nginx,我用的是centos6.5,开始
切换到root用户,进入存放下载文件的目录 cd /usr/local/src 我是准备下载在这的,可以自己更改
开始下载
[root@localhost src]# wget http://nginx.org/download/nginx-1.10.2.tar.gz [root@localhost src]# wget http://www.openssl.org/source/openssl-fips-2.0.10.tar.gz [root@localhost src]# wget http://zlib.net/zlib-1.2.11.tar.gz [root@localhost src]# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.40.tar.gz
nginx安装
[root@localhost src]# tar zxvf nginx-1.10.2.tar.gz [root@localhost src]# cd nginx-1.10.2 [root@localhost nginx-1.10.2]# ./configure && make && make install
zlib安装
[root@localhost src]# tar zxvf zlib-1.2.11.tar.gz [root@localhost src]# cd zlib-1.2.11 [root@localhost zlib-1.2.11]# ./configure && make && make install
pcre安装
[root@localhost src]# tar zxvf pcre-8.40.tar.gz [root@localhost src]# cd pcre-8.40 [root@localhost pcre-8.40]# ./configure && make && make install
openssl安装
[root@localhost src]# tar zxvf openssl-fips-2.0.10.tar.gz [root@localhost src]# cd openssl-fips-2.0.10 [root@localhost openssl-fips-2.0.10]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-file-aio --with-http_realip_module
说明: ./configure --prefix=nginx安装路径 --with-模块
查看nginx安装路径 whereis nginx
nginx的基本操作
启动
[root@localhost ~]# /usr/local/nginx/sbin/nginx
停止/重启
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s stop(quit、reload)
命令帮助
[root@localhost ~]# /usr/local/nginx/sbin/nginx -h
验证配置文件
[root@localhost ~]# /usr/local/nginx/sbin/nginx -t
配置文件
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
vi打开文件后的基本操作
默认vi打开后是不能录入的,需要按键才能操作,具体如下:
开启编辑:按“i”或者“Insert”键
退出编辑:“Esc”键
退出vi:“:q”
保存vi:“:w”
保存退出vi:“:wq”
不保存退出vi:“:q!”
打开nginx的配置文件
vi /usr/local/nginx/conf/nginx.conf
以下是我的配置
server { listen 80; server_name www.hushunwei.com; rewrite ^(.*) https://$host$1 permanent; #http自动跳转到https #charset koi8-r; #access_log logs/host.access.log main; location / { proxy_pass http://www.hushunwei.com:9000; //项目原访问路径 root /usr/java/tale/resources/templates/themes/default/; #页面路径 index index.html index.htm; client_max_body_size 1000m; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ #过滤图片 { proxy_pass https://www.hushunwei.com; } location ~ .*\.(js|css)?$ #过滤js和css,避免被拦截 { proxy_pass https://www.hushunwei.com; }
以上就能实现访问9000端口的时候通过nginx转发到80端口,接下来就是我要做的配置ssl
我是购买的阿里云的域名,所以在阿里云申请ssl证书,
配置ssl,以下是我的配置
server { listen 443; server_name www.hushunwei.com; ssl on; ssl_certificate cert/1526657460145.pem; ssl_certificate_key cert/1526657460145.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { root /usr/java/tale/resources/templates/themes/default/; index index.html index.htm; client_max_body_size 1000m; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://www.hushunwei.com:9000; } }
[root@localhost ~]# /usr/local/nginx/sbin/nginx
## 5.访问网址
输入网址后自动跳转到https链接
标签:config efault 下载文件 rsa 验证配置 col template nbsp aio
原文地址:https://www.cnblogs.com/hushunwei/p/9188770.html
