nginx配置https服務
阿新 • • 發佈:2020-07-12
環境:centos7.6
1、檢視nginx是否支援ssl
[root@tool-19 ~]# /usr/local/nginx/sbin/nginx -V nginx version: nginx/1.18.0 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module #有ssl表示支援,沒有需要重新編譯安裝
2、帶ssl模組方式安裝nginx
wget http://nginx.org/download/nginx-1.9.9.tar.gz tar -zxvf nginx-1.9.9.tar.gz cd nginx-1.9.9 ./configure --prefix=/usr/local/nginx --with-http_ssl_module make make install
3、修改配置檔案
worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; #app後端服務 upstream app{ server 192.168.10.10; }
#app2後端服務
upstream app2{
server 192.168.10.11;
}
# HTTPS server # server { listen 443 ssl; server_name www.yuming.com; #ssl域名 ssl_certificate/usr/local/nginx/ssl_key/4196440_ezc.chinapopin.com.pem; #ssl的pem證書路徑 ssl_certificate_key /usr/local/nginx/ssl_key/4196440_ezc.chinapopin.com.key; #ssl的key證書路徑 ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://app; #對應app服務 } location /app2 { proxy_pass http://app2; #對應app2服務 } } }
4、配置服務並啟動
[root@localhost ]# cat << EOF > /lib/systemd/system/nginx.service #建立Nginx服務系統啟動檔案 [Unit] Description=nginx After=network.target [Service] Type=forking ExecStart=/usr/local/nginx/sbin/nginx ExecReload=/usr/local/nginx/sbin/nginx -s reload ExecStop=/usr/local/nginx/sbin/nginx -s quit PrivateTmp=true [Install] WantedBy=multi-user.target EOF systemctl daemon-reload && systemctl start nginx && \ systemctl enable nginx && systemctl status nginxView Code
5、驗證
ie瀏覽器 https://www.yuming.com --返回192.168.1.10 的網站 https://www.yuming.com/app2 --返回192.168.1.11 的網站