使用nginx在linux配置https詳細步驟
阿新 • • 發佈:2021-01-30
1.首先確認安裝nginx 和 openssl
執行nginx -v 和 openssl version
2. 生成祕鑰key,執行:
建立一個生成檔案的目錄
cd /etc/nginx/
mkdir ssl_key
然後執行金鑰key
openssl genrsa -des3 -out server.key 2048
3.建立伺服器證書的申請檔案server.csr,執行:
這裡會需要輸入一些基本資訊,隨便輸入即可,例如都可以輸入你的英文名字
openssl req -new -key server.key -out server.csr
4.建立CA證書:
這裡會需要輸入一些基本資訊,隨便輸入即可,例如都可以輸入你的英文名字
openssl req -new -x509 -key server.key -out ca.crt -days 3650
5.建立自當前日期起有效期為期十年的伺服器證書server.crt:
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey server.key -CAcreateserial -out server.crt
6.然後可以檢視生成的資料夾下的檔案
ls你的資料夾,可以看到一共生成了5個檔案
ca.crt ca.srl server.crt server.csr server.key
就是你的nginx需要的證書檔案.
7.重要步驟:配置nginx.config
進入 vi nginx.config 修改 http 下的server
http {
include mime.types;
default_type application/octet-stream;
keepalive_timeout 65;
log_format main '[$time_local] "$request" $remote_addr - $remote_user'
'$status $body_bytes_sent '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
gzip on;
gzip_min_length 2k;
gzip_buffers 32 16k;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary on;
charset utf-8;
server_names_hash_bucket_size 512;
server {
#監聽443埠
listen 443;
#你的域名
server_name 127.0.0.1;
ssl on;
ssl_certificate /etc/nginx/ssl_key/server.crt;#配置證書位置
ssl_certificate_key /etc/nginx/ssl_key/server.key;#配置祕鑰位置
}
}
8.然後啟動
cd /etc/nginx
#進入目錄, 執行
sudo nginx -c /etc/nginx/nginx.conf
#然後重啟nginx
nginx -s reload
#通過檢視程序,可殺掉之前的nginx
ps -ef|grep nginx
9.如果配置之前的專案 加location /{}內容即可
下面的是我自己配置好的nginx.conf,當然 server 可以配置多個
user into;
worker_processes 2;
error_log /var/log/nginx/error.log;
#pid logs/nginx.pid;
worker_rlimit_nofile 65535;
events {
worker_connections 65535;
use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
keepalive_timeout 65;
log_format main '[$time_local] "$request" $remote_addr - $remote_user'
'$status $body_bytes_sent '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
gzip on;
gzip_min_length 2k;
gzip_buffers 32 16k;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary on;
charset utf-8;
server_names_hash_bucket_size 512;
server {
#監聽443埠
listen 443;
#你的域名
server_name 127.0.0.1;
ssl on;
ssl_certificate /etc/nginx/ssl_key/server.crt;#配置證書位置
ssl_certificate_key /etc/nginx/ssl_key/server.key;#配置祕鑰位置
location / {
# try_files $uri $uri/ /index.html break;
try_files $uri $uri/ /index.html;
index index.html;
root /home/into/app/master/front/dist/;
}
location /modeler.html {
proxy_set_header Host $host:8866;
proxy_pass http://127.0.0.1:8844;
}
location /editor-app {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /swagger-ui.html {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /swagger-resources {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /swagger {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /webjars {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /v2 {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /druid {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /doc {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /xboot/ {
proxy_set_header Host $host:8866;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8844;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /store/ {
alias /home/into/app/run/store/;
}
}
}