Nginx SSL(https)申请配置安装

04/12 13:40

一:购买阿里云SSL免费服务

    购买成功后提交审核,并且绑定域名,最后下载Key。

二:配置nginx

    参考阿里云帮助文档:

    https://help.aliyun.com/document_detail/98728.html?spm=a2c4g.11186623.2.22.14192242Ejjg3w#concept-n45-21x-yfb

    在nginx中配置ssl

1. 进入nginx目录,cd /usr/local/nginx/conf

2. 创建cert文件夹,mkdir cert        把下载下来的证书(.pem)和私钥(.key)上传到该文件夹中,私钥文件建议只允许root读取(例如 chmod 600)

3. 更改nginx.conf文件

 
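# Worker processes parse untrusted network input, so they should not run as root.
# With no `user` directive nginx uses the unprivileged account chosen at build time
# (`nobody` unless ./configure --user=... was given). The master process still starts
# as root, so it can bind ports 80/443 and load the private key.
# The web root must be readable by that account, otherwise static files return 403.
#user  nobody;
worker_processes  1;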
 
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
 
#pid        logs/nginx.pid;
 
 
# Connection-processing settings.
events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}
 
 
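http {
    #ssi on;
    #ssi_silent_errors on;
    #ssi_types text/shtml;

    include       mime.types;
    default_type  application/octet-stream;

    # Request-size and timeout limits inherited by every server below.
    client_max_body_size     50m;
    client_header_timeout    1m;
    client_body_timeout      1m;
    proxy_connect_timeout    60s;
    proxy_read_timeout       1m;
    proxy_send_timeout       1m;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    # Plain-HTTP site on port 80.
    # NOTE(review): everything served here, including the proxied backends, stays
    # reachable without TLS. Once the HTTPS server below is verified, consider
    # replacing this server's body with `return 301 https://$host$request_uri;`
    # so that clients are moved to HTTPS.
    server {
        listen       80;
        server_name  yui.com;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   /usr/local/tomcat/cnds/yui-ui;
            index  index.html;

            #location ~ .*\.(jpg|jpeg|gif|png|swf|htm|html|json|xml|svg|woff|ttf|eot|map|ico)$ {
            #    expires 10d;
            #}
            #location ~ .*\.(js|css)?$ {
            #    expires 1h;
            #}

            # Static asset extensions are served from `root`; `break` only stops
            # rewrite-module processing when the requested file exists.
            location ~* \.(css|js|jpg|jpeg|gif|png|swf|htm|html|json|xml|svg|woff|ttf|eot|map|ico)$ {
                if (-f $request_filename) {
                    break;
                }
            }

            # Headers passed to the backends. The nested locations below define no
            # proxy_set_header of their own, so they inherit this set.
            # $http_host is the Host header exactly as the client sent it; backends
            # should not trust it when building links or redirects.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-NginX-Proxy true;

            # URI prefix -> local backend port.
            location ^~/sys {
                proxy_pass       http://127.0.0.1:8802;
            }
            location ^~/general {
                proxy_pass       http://127.0.0.1:8804;
            }
            location ^~/wxMp {
                proxy_pass       http://127.0.0.1:8808;
            }
            location ^~/wxMa {
                proxy_pass       http://127.0.0.1:8808;
            }
            location ^~/sched {
                proxy_pass       http://127.0.0.1:8806;
            }
            location ^~/ds {
                proxy_pass       http://127.0.0.1:8832;
            }
            location ^~/act {
                proxy_pass       http://127.0.0.1:8814;
            }
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    # HTTPS site on port 443.
    server {
        listen 443 default ssl;
        server_name yui.com;

        # The `ssl` flag on `listen` already enables TLS for this server. The
        # standalone directive is deprecated since nginx 1.15.0, so it is left
        # commented out.
        #ssl on;

        #root /usr/local/tomcat/cnds/yui-ui;
        #index index.html;

        # Paths are relative to the nginx conf directory (conf/cert/).
        ssl_certificate      cert/a.pem;
        # Private key: loaded by the master process at startup; keep the file
        # readable by root only (for example mode 600).
        ssl_certificate_key  cert/a.key;
        ssl_session_timeout  5m;

        # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
        # Add TLSv1.3 when running nginx >= 1.13.0 built against OpenSSL >= 1.1.1.
        ssl_protocols TLSv1.2;
        # Forward-secret AEAD suites only. The broad AES/HIGH/ECDH groups used
        # previously also admitted CBC-mode suites and static-RSA key exchange.
        # Very old clients without ECDHE+GCM support will no longer connect.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        location / {
            root /usr/local/tomcat/cnds/yui-ui;
            index index.html;

            # Static asset extensions are served from `root`; `break` only stops
            # rewrite-module processing when the requested file exists.
            location ~* \.(css|js|jpg|jpeg|gif|png|swf|htm|html|json|xml|svg|woff|ttf|eot|map|ico)$ {
                if (-f $request_filename) {
                    break;
                }
            }

            # Headers passed to the backends; inherited by the nested locations.
            # This server is the `default` for port 443, so requests with any Host
            # value reach it and $http_host forwards that value unchanged.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-NginX-Proxy true;

            # URI prefix -> local backend port. TLS ends at nginx; the hop to
            # 127.0.0.1 is plain HTTP.
            location ^~/sys {
                proxy_pass       http://127.0.0.1:8802;
            }
            location ^~/general {
                proxy_pass       http://127.0.0.1:8804;
            }
            location ^~/wxMp {
                proxy_pass       http://127.0.0.1:8808;
            }
            location ^~/wxMa {
                proxy_pass       http://127.0.0.1:8808;
            }
            location ^~/sched {
                proxy_pass       http://127.0.0.1:8806;
            }
            location ^~/ds {
                proxy_pass       http://127.0.0.1:8832;
            }
            location ^~/act {
                proxy_pass       http://127.0.0.1:8814;
            }
        }
    }
}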

重启nginx

三:nginx安装SSL服务

重启nginx可能遇到错误

nginx: [emerg] unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:1

这个时候nginx需要进行安装SSL服务,

以下代码来自博客转发:

https://blog.csdn.net/weiyangdong/article/details/80008543

这里写图片描述

出现如图所示错误,处理办法如下

  1. 去nginx解压目录下执行(建议先用 /usr/local/nginx/sbin/nginx -V 查看原有的编译参数,并在其后追加 --with-http_ssl_module,否则重新编译会丢掉原来启用的模块和路径设置)

    ./configure --with-http_ssl_module

这里写图片描述

2. 如果报错 ./configure: error: SSL modules require the OpenSSL library.则执行

yum -y install openssl openssl-devel

./configure

./configure --with-http_ssl_module

3. 执行 make(切记不能 make install 会覆盖安装目录)

4. 将原来 nginx 备份

cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak

5. 将新的 nginx 覆盖旧安装目录

cp objs/nginx /usr/local/nginx/sbin/nginx

这里写图片描述

如果报错,执行 cp -rfp objs/nginx /usr/local/nginx/sbin/nginx

6. 测试 nginx 是否正确

/usr/local/nginx/sbin/nginx -t

这里写图片描述

如图最后是测试成功的,之前遇到一个错误是我的SSL证书路径有错,修改后测试通过

 
