导航：首页 > 服务器 >

nginx ssl证书配置

发表于：2025-02-01 作者：千家信息网编辑

千家信息网最后更新 2025年02月01日，1、Nginx安装与配置安装pcre #cd /usr/local/src #yum -y install make zlib zlib-devel gcc-c++ libtool openss

千家信息网最后更新 2025年02月01日nginx ssl证书配置

1、Nginx安装与配置

  安装pcre #cd /usr/local/src #yum -y install make zlib zlib-devel gcc-c++ libtool  openssl openssl-devel #wget http://downloads.sourceforge.net/project/pcre/pcre/8.35/pcre-8.35.tar.gz # tar zxvf pcre-8.35.tar.gz #cd pcre-8.35 # ./configure # make && make install  安装nginx #wget http://nginx.org/download/nginx-1.13.0.tar.gz # tar zxvf nginx-1.13.0.tar.gz  #./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module  --with-pcre=/usr/local/src/pcre-8.35 # make && make install  创建 Nginx 运行使用的用户 www： # groupadd www  # useradd -g www www

配置nginx.conf ，将/usr/local/nginx/conf/nginx.conf替换为以下内容

[root@bogon conf]#  cat /usr/local/nginx/conf/nginx.confuser www www;worker_processes 2; #设置值和CPU核心数一致error_log /usr/local/webserver/nginx/logs/nginx_error.log crit; #日志位置和日志级别pid /usr/local/webserver/nginx/nginx.pid;#Specifies the value for maximum file descriptors that can be opened by this process.worker_rlimit_nofile 65535;events{  use epoll;  worker_connections 65535;}http{  include mime.types;  default_type application/octet-stream;  log_format main  '$remote_addr - $remote_user [$time_local] "$request" '               '$status $body_bytes_sent "$http_referer" '               '"$http_user_agent" $http_x_forwarded_for';  #charset gb2312;       server_names_hash_bucket_size 128;  client_header_buffer_size 32k;  large_client_header_buffers 4 32k;  client_max_body_size 8m;       sendfile on;  tcp_nopush on;  keepalive_timeout 60;  tcp_nodelay on;  fastcgi_connect_timeout 300;  fastcgi_send_timeout 300;  fastcgi_read_timeout 300;  fastcgi_buffer_size 64k;  fastcgi_buffers 4 64k;  fastcgi_busy_buffers_size 128k;  fastcgi_temp_file_write_size 128k;  gzip on;   gzip_min_length 1k;  gzip_buffers 4 16k;  gzip_http_version 1.0;  gzip_comp_level 2;  gzip_types text/plain application/x-javascript text/css application/xml;  gzip_vary on;   #limit_zone crawler $binary_remote_addr 10m; #下面是server虚拟主机的配置 server  {    listen 80;#监听端口    server_name localhost;#域名    index index.html index.htm index.php;    root /usr/local/nginx/html;#站点目录      location ~ .*\.(php|php5)?$    {      #fastcgi_pass unix:/tmp/php-cgi.sock;      fastcgi_pass 127.0.0.1:9000;      fastcgi_index index.php;      include fastcgi.conf;    }    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$    {      expires 30d;  # access_log off;    }    location ~ .*\.(js|css)?$    {      expires 15d;   # access_log off;    }    access_log off;  }}

Nginx 其他命令

以下包含了 Nginx 常用的几个命令：

#/usr/local/nginx/sbin/nginx -t                   #测试nginx配置正确性# /usr/local/nginx/sbin/nginx                     #启动Nginx#/usr/local/nginx/sbin/nginx -s reload            # 重新载入配置文件#/usr/local/nginx/sbin/nginx -s reopen            # 重启 Nginx#/usr/local/nginx/sbin/nginx -s stop              # 停止 Nginx

2、Nginx SSl安装与配置

#yum install openssl -y#yum install openssl-devel -y#cd /usr/local/nginx/ssl#openssl genrsa -des3 -out server.key 1024#openssl req -new -key server.key -out server.csr#openssl rsa -in server.key -out server_nopwd.key#openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt完成上述后，我们在目录下会得到以下文件# lsserver.crt  server.csr  server.key  server_nopwd.key编辑nginx配置文件，加入以下语句#vi nginx.conf      server {        listen       80;        listen       443 ssl;        #开启ssl        server_name  localhost;        ssl_certificate    ssl/server.crt;    #证书配置        ssl_certificate_key ssl/server_nopwd.key;   #证书配置     .....      .....     }重启nginx，这样就生效了

验证