CentOS使用nginx部署https服务

时间:2022-06-01 19:36:27

nginx安装参考:https://www.cnblogs.com/taiyonghai/p/6728707.html

自签证书生成参考:https://gmd20.github.io/blog/openssl%E7%94%9F%E6%88%90RSA%E5%92%8C%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E5%8A%A0%E5%AF%86%E5%85%AC%E9%92%A5%E5%AF%86%E9%92%A5%E5%88%9B%E5%BB%BA%E6%A0%B9CA%E7%AD%BE%E5%90%8DHTTPS%E6%9C%8D%E5%8A%A1%E5%99%A8%E8%AF%81%E4%B9%A6%E7%AD%BE%E5%90%8D/

一:Nginx 安装

openssl安装

[root@localhost src]# tar zxvf openssl-fips-2.0.10.tar.gz
省略安装内容...

[root@localhost src]# cd openssl-fips-2.0.10

[root@localhost openssl-fips-2.0.10]# ./config && make && make install
省略安装内容...

pcre安装

[root@localhost src]# tar zxvf pcre-8.40.tar.gz
省略安装内容...

[root@localhost src]# cd pcre-8.40

[root@localhost pcre-8.40]# ./configure && make && make install
省略安装内容...

zlib安装

[root@localhost src]# tar zxvf zlib-1.2.11.tar.gz
省略安装内容...

[root@localhost src]# cd zlib-1.2.11

[root@localhost zlib-1.2.11]# ./configure && make && make install
省略安装内容...

SSL模块安装

[root@localhost src]# yum install openssl-devel
省略安装内容...

nginx安装

[root@localhost src]# tar zxvf nginx-1.10.2.tar.gz
省略安装内容...

[root@localhost src]# cd nginx-1.10.2

[root@localhost nginx-1.10.2]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module && make && make install
省略安装内容...

 

 

二、证书和私钥的生成

注意:将生成的服务器证书和私钥, 拷贝到/usr/local/nginx/conf/目录下, 测试可以使用自签证书。使用openssl自签即可。

建议使用ECC加密证书

[root@localhost conf]# ls -al
total 84
drwxr-xr-x.  3 root root 4096 Apr  5 15:29 .
drwxr-xr-x. 11 root root  151 Apr  5 13:34 ..
省略
-rw-r--r--.  1 root root  615 Apr  5 15:29 server.crt
-rw-r--r--.  1 root root  302 Apr  5 15:29 server.key
省略

三、配置文件

1.下面为配置文件 /usr/local/nginx/conf/nginx.conf  , 将HTTPS部分的server配置注释去掉,并设置正确的证书证书和私钥

[root@localhost conf]# cat nginx.conf

#user  nobody;

worker_processes  1;

#error_log  logs/error.log;

#error_log  logs/error.log  notice;

#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {

worker_connections  1024;

}

http {

include       mime.types;

default_type  application/octet-stream;

#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

#                  '$status $body_bytes_sent "$http_referer" '

#                  '"$http_user_agent" "$http_x_forwarded_for"';

#access_log  logs/access.log  main;

sendfile        on;

#tcp_nopush     on;

#keepalive_timeout  0;

keepalive_timeout  65;

#gzip  on;

server {

listen       80;

server_name  localhost;

#charset koi8-r;

#access_log  logs/host.access.log  main;

location / {

root   html;

index  index.html index.htm;

}

#error_page  404              /404.html;

# redirect server error pages to the static page /50x.html

#

error_page   500 502 503 504  /50x.html;

location = /50x.html {

root   html;

}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80

#

#location ~ \.php$ {

#    proxy_pass   http://127.0.0.1;

#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

#

#location ~ \.php$ {

#    root           html;

#    fastcgi_pass   127.0.0.1:9000;

#    fastcgi_index  index.php;

#    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;

#    include        fastcgi_params;

#}

# deny access to .htaccess files, if Apache's document root

# concurs with nginx's one

#

#location ~ /\.ht {

#    deny  all;

#}

}

# another virtual host using mix of IP-, name-, and port-based configuration

#

server {

listen       8000;

#    listen       somename:8080;

#    server_name  somename  alias  another.alias;

location / {

root   html;

index  index.html index.htm;

}

}

# HTTPS server

#

server {

listen       443 ssl;

server_name  localhost;

ssl_certificate      server.crt;

ssl_certificate_key  server.key;

ssl_session_cache    shared:SSL:1m;

ssl_session_timeout  5m;

ssl_ciphers  HIGH:!aNULL:!MD5;

ssl_prefer_server_ciphers  on;

location / {

root   html;

index  index.html index.htm;

}

}

}

四、开启nginx 服务器

 

开启nginx服务器 和查看服务器状态

[root@localhost conf]# /usr/local/nginx/sbin/nginx

[root@localhost conf]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

 

关闭nginx 服务器

[root@localhost conf]# ps -aux | grep nginx

root     11821  0.0  0.0  46936  1168 ?        Ss   15:29   0:00 nginx: master process ./nginx

nobody   11822  0.0  0.0  49552  3552 ?        S    15:29   0:00 nginx: worker process

root     12229  0.0  0.0 112712   972 pts/0    S+   17:19   0:00 grep --color=auto nginx

[root@localhost conf]# kill 11821

[root@localhost conf]# ps -aux | grep nginx

root     12231  0.0  0.0 112712   968 pts/0    S+   17:19   0:00 grep --color=auto nginx

五、关闭CentOS防火墙

 

关闭CentOS防火墙

 

[root@localhost conf]#

[root@localhost conf]# systemctl stop firewalld

[root@localhost conf]#

[root@localhost conf]# systemctl disable  firewalld

Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

六:客户端测试访问

大功告成:

CentOS使用nginx部署https服务

相关文章