nginx ssl证书配置
时间:2024-04-16 16:40:44 来源:网络cs 作者:璐璐 栏目:防关联工具 阅读:
文章目录
前言一、ssl证书二、nginx配置ssl证书总结
前言
linux服务器nginx配置ssl证书。
一、ssl证书
需要申请域名,然后域名解析到你的外网服务器ip,然后申请ssl证书,然后下载下来,一般ssl证书可以通过 tomcat nginx等配置;
二、nginx配置ssl证书
更新yumyum update yum
gcc安装 yum -y install gcc gcc-c++ autoconf automake make
其他安装 yum -y install zlib zlib-devel pcre-devel openssl openssl-devel
找个位置下载nginx 例如: /usr/local/src wget https://nginx.org/download/nginx-1.24.0.tar.gz
当前位置解压 tar -zxvf nginx-1.24.0.tar.gz
创建用户组 用户 groupadd nginxuseradd nginx -g nginx -s /sbin/nologin -M
进入解压后的目录 编译nginx并加入ssl 安装 # 配置ssl./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --user=nginx --group=nginx# 安装编译make &&make install
修改nginx文件夹归属 chown -R nginx:nginx /usr/local/nginx
可在安装路径中 /usr/local/nginx/sbin 启动nginx #启动./nginx#重启./nginx -s reload#关闭./nginx -s stop#验证配置nginx.conf正确./nginx -t
访问地址 ip 是否能看到nginx默认页面.ok后,停止nginx下载证书 改名字,上传到nginx的安装目录的conf的cert文件下 默认安装位置为: /usr/local/nginx/conf/cert server.crtserver.key
修改nginx.conf 所在位置为 /usr/local/nginx/conf● 代理vue前端页面
● 代理后端接口为/api/ 去掉此前缀 转发到服务器的9000端口
#user nobody;worker_processes 1;#error_log logs/error.log;#error_log logs/error.log notice;#error_log logs/error.log info;#pid logs/nginx.pid;events { worker_connections 1024;}http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; location / { # 前端地址在 /usr/local/nginx/html/dist root html/dist/; index index.html index.htm; # 刷新404 try_files $uri $uri/ /index.html; } # 代理服务端接口 location /api/ { default_type application/json; proxy_pass http://ip:9000; rewrite /api/(.*) /$1 break; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_request_headers on; proxy_next_upstream error timeout; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } }}
配置证书的完整 nginx.conf #user nobody;worker_processes 1;#error_log logs/error.log;#error_log logs/error.log notice;#error_log logs/error.log info;#pid logs/nginx.pid;events { worker_connections 1024;}http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; location / { root html/dist/; index index.html index.htm; try_files $uri $uri/ /index.html; } # 代理服务端接口 location /dev-api/ { default_type application/json; proxy_pass http://ip:9000; rewrite /dev-api/(.*) /$1 break; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_request_headers on; proxy_next_upstream error timeout; } # 代理图片服务接口 location /image/ { default_type application/json; rewrite /image/(.*) /$1 break; proxy_pass https://test-lsdj.obs.cn-north-4.myhuaweicloud.com/; proxy_pass_request_headers on; proxy_next_upstream error timeout; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server ssl 配置 # server { listen 443 ssl; # 自己申请的域名 server_name www.baidu.com; ssl_certificate cert/server.crt; ssl_certificate_key cert/server.key; # 一下配置同之前的配置即可 location / { root html/dist/; index index.html index.htm; try_files $uri $uri/ /index.html; } # 代理服务端接口 location /api/ { default_type application/json; proxy_pass http://ip:9000; rewrite /api/(.*) /$1 break; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_request_headers on; proxy_next_upstream error timeout; }}
13 . 可在安装路径中 /usr/local/nginx/sbin 启动,验证是否正确
./nginx
也就是相当于,没有ssl的时候, 配置好代理后可以用验证完毕;
当配置ssl的时候,之前的配置就用不到了,因为ssl是443端口,所以需要全部重新配置;并配置ssl开启 以及证书相关;
总结
至此 已经可以成功通过域名访问到服务器的页面了~~
本文链接:https://www.kjpai.cn/news/2024-04-16/159543.html,文章来源:网络cs,作者:璐璐,版权归作者所有,如需转载请注明来源和作者,否则将追究法律责任!
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
下一篇:返回列表