nginxssl证书配置-创新互联
1、Nginx安装与配置
创新互联公司坚持“要么做到,要么别承诺”的工作理念,服务领域包括:网站设计、成都网站制作、企业官网、英文网站、手机端网站、网站推广等服务,满足客户于互联网时代的嵊州网站设计、移动媒体设计的需求,帮助企业找到有效的互联网解决方案。努力成为您成熟可靠的网络建设合作伙伴! 安装pcre #cd /usr/local/src #yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel #wget http://downloads.sourceforge.net/project/pcre/pcre/8.35/pcre-8.35.tar.gz # tar zxvf pcre-8.35.tar.gz #cd pcre-8.35 # ./configure # make && make install 安装nginx #wget http://nginx.org/download/nginx-1.13.0.tar.gz # tar zxvf nginx-1.13.0.tar.gz #./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/usr/local/src/pcre-8.35 # make && make install 创建 Nginx 运行使用的用户 www: # groupadd www # useradd -g www www配置nginx.conf ,将/usr/local/nginx/conf/nginx.conf替换为以下内容
[root@bogon conf]# cat /usr/local/nginx/conf/nginx.conf user www www; worker_processes 2; #设置值和CPU核心数一致 error_log /usr/local/webserver/nginx/logs/nginx_error.log crit; #日志位置和日志级别 pid /usr/local/webserver/nginx/nginx.pid; #Specifies the value for maximum file descriptors that can be opened by this process. worker_rlimit_nofile 65535; events { use epoll; worker_connections 65535; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for'; #charset gb2312; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; #limit_zone crawler $binary_remote_addr 10m; #下面是server虚拟主机的配置 server { listen 80;#监听端口 server_name localhost;#域名 index index.html index.htm index.php; root /usr/local/nginx/html;#站点目录 location ~ .*\.(php|php5)?$ { #fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$ { expires 30d; # access_log off; } location ~ .*\.(js|css)?$ { expires 15d; # access_log off; } access_log off; } }Nginx 其他命令
以下包含了 Nginx 常用的几个命令:
#/usr/local/nginx/sbin/nginx -t #测试nginx配置正确性 # /usr/local/nginx/sbin/nginx #启动Nginx #/usr/local/nginx/sbin/nginx -s reload # 重新载入配置文件 #/usr/local/nginx/sbin/nginx -s reopen # 重启 Nginx #/usr/local/nginx/sbin/nginx -s stop # 停止 Nginx2、Nginx SSl安装与配置
#yum install openssl -y #yum install openssl-devel -y #cd /usr/local/nginx/ssl #openssl genrsa -des3 -out server.key 1024 #openssl req -new -key server.key -out server.csr #openssl rsa -in server.key -out server_nopwd.key #openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt 完成上述后,我们在目录下会得到以下文件 # ls server.crt server.csr server.key server_nopwd.key 编辑nginx配置文件,加入以下语句 #vi nginx.conf server { listen 80; listen 443 ssl; #开启ssl server_name localhost; ssl_certificate ssl/server.crt; #证书配置 ssl_certificate_key ssl/server_nopwd.key; #证书配置 ..... ..... } 重启nginx,这样就生效了验证
另外有需要云服务器可以了解下创新互联cdcxhl.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。
本文名称:nginxssl证书配置-创新互联
文章路径:http://hbruida.cn/article/ddpshe.html