Nginx如何配置ssl实现https
一、安装 Nginx ssl 模块
1.检查
检查是否已安装 ssl 模块:
cd /usr/local/nginx/sbin ./nginx -V
[root@server-c00ef8c3-710d-4708-9cde-2c864e7c03e2 sbin]# ./nginx -V nginx version: nginx/1.21.4 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) configure arguments: --prefix=/usr/local/nginx
如果没出现 configure arguments: --with-http_ssl_module 说明没有安装。
2.安装
cd /usr/local/nginx-1.21.4 ./configure --prefix=/usr/local/nginx --with-http_ssl_module make cp ./objs/nginx /usr/local/nginx/sbin/
3.再次检查
再次检查是否已安装 ssl 模块:
cd /usr/local/nginx/sbin ./nginx -V
[root@server-c00ef8c3-710d-4708-9cde-2c864e7c03e2 sbin]# ./nginx -V nginx version: nginx/1.21.4 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module
二、部署 ssl 证书
将申请好的 ssl 证书拷贝至 cert 目录下:
三、配置 nginx.conf
cd /usr/local/nginx/conf vi nginx.conf
新增 https server 配置:
#管理端https server { listen 443 ssl; server_name admin-xxxxx.xxx.xxx; ssl_certificate ../cert/server.crt; ssl_certificate_key ../cert/server.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; proxy_pass http://localhost:10003; } }
四、重启 Nginx
/usr/local/nginx/sbin/nginx -s reload
或
ps -ef|grep nginx kill xxx /usr/local/nginx/sbin/nginx
补充:如果 80 端口被占用,用kill [id]来结束进程:
# 查看端口使用 $ netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0: LISTEN 21307/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0: LISTEN 3072/sshd
tcp 0 0 0.0.0.0:443 0.0.0.0???? LISTEN 21307/nginx: master
# 结束 80 端口进程
$ kill 21307
再次重启 nginx :
$ /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
以上就是Nginx如何配置ssl实现https的详细内容,更多请关注其它相关文章!