一、下载nginx压缩包:官网下载地址http://nginx.org/download/,点击进入选择合适自己系统的版本,本机已centos安装nginx-1.9.1.tar.gz压缩包为例。
二、将下载的nginx-1.9.1.tar.gz文件通过ftp等工具上传到centos系统的 /usr/local目录下,cd到该目录运行 ” tar -zxvf nginx-1.9.9.tar.gz “命令解压到该目录,解压成功后发现该目录下多了一个文件夹nginx-1.9.9。
三、cd到nginx-1.9.9目录,运行命令” ./configure –with-http_ssl_module –with-http_stub_status_module ” 进行编译,–后面的参数表示编译时增加ssl模块功能。
四、继续在目录下运行命令 ” make & make install “,等待安装完成,如果是修改nginx,就不需要运行make install,否则会覆盖安装。
五、切换到安装目录 ” cd /usr/local/nginx/conf ” ,运行证书自签生成命令 ” openssl req -new -x509 -nodes -out cert.pem -keyout cert.key -days 999 “,按照提示输入证书相关信息,直到运行完成后会在该目录下生成两个证书文件 cert.pem和cert.key,有效期为999天。运行命令后会弹出一些列输入框和提示,其界面如下:Country Name表示国家名称;State or Province Name表示州或省名称;Organization Name表示组织名称;Common Name表示常用名称,例如您的姓名或服务器的主机名;Email Address表示电子邮件地址。
根据以上信息,生成的证书信息如下:
六、打开ngix.conf配置文件,发现如下关于https的443端口配置代码被注释,复制一份相关server节点代码,手动将其配置好,代码如下:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
server {
listen 443 ssl;
server_name localhost;
ssl_certificate cert.pem; //对应前一步生成的证书文件pem
ssl_certificate_key cert.key; //对应前一步生成的证书文件key
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
#root html;
#index index.html index.htm;
proxy_pass http://10.2.1.172:8081; //此处对443端口做了代理,转发到10.2.1.172:8081端口
}
}
}
七、运行nginx启动命令” /usr/local/nginx/sbin/nginx “,若无报错,则访问https://localhost,即可通过nginx转发到http://10.2.1.172:8081上。
八、设置nginx开机自启动:
1、创建/etc/init.d/nginx文件,复制如下内容(这个内容是nginx官方说明文档中提供的)到文件中,修改nginx=”/usr/local/nginx/sbin/nginx” 指向你的nginx启动文件路径,NGINX_CONF_FILE=”/usr/local/nginx/conf/nginx.conf” 指向你的配置文件路径。
#!/bin/sh
#
nginx - this script starts and stops the nginx daemon
#
chkconfig: - 85 15
description: NGINX is an HTTP(S) server, HTTP(S) reverse \
proxy and IMAP/POP3 proxy server
processname: nginx
config: /etc/nginx/nginx.conf
config: /etc/sysconfig/nginx
pidfile: /var/run/nginx.pid
Source function library.
. /etc/rc.d/init.d/functions
Source networking configuration.
. /etc/sysconfig/network
Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0#nginx启动文件路径
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)#nginx.conf配置文件路径
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -
if [ -z "grep $user /etc/passwd" ]; then
useradd -M -s /bin/nologin $user
fi
options=$nginx -V 2>&1 | grep 'configure arguments:'
for opt in $options; do
if [ echo $opt | grep '.*-temp-path' ]; then
value=echo $opt | cut -d "=" -f 2
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
2、保存成功后给nginx文件赋予操作权限:chmod a+x /etc/init.d/nginx 。
3、使用chkconfig命令:chkconfig –add /etc/init.d/nginx 将其加入管理列表。
4、使用如下命令进行操作:
service nginx start //启动nginx
service nginx stop //停止nginx
chkconfig nginx on //设置开机启动
Original: https://www.cnblogs.com/zqhIndex/p/16184672.html
Author: 我若安好,便是晴天
Title: Linux安装nginx并配置ssl自签证书
原创文章受到原创版权保护。转载请注明出处:https://www.johngo689.com/611748/
转载文章受原作者版权保护。转载请注明原作者出处!