20 - Configuring an SSL Certificate in Nginx to Provide HTTPS Access

2022-10-04 23:47:20

Configuring an SSL Certificate in Nginx to Provide HTTPS Access

Installing the SSL module

Change into the Nginx source directory inside the software folder

cd /home/software/nginx-1.16.1/

Configure the build with the SSL module

./configure \
--prefix=/usr/local/nginx \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-http_gzip_static_module \
--http-client-body-temp-path=/var/temp/nginx/client \
--http-proxy-temp-path=/var/temp/nginx/proxy \
--http-fastcgi-temp-path=/var/temp/nginx/fastcgi \
--http-uwsgi-temp-path=/var/temp/nginx/uwsgi \
--http-scgi-temp-path=/var/temp/nginx/scgi \
--with-http_ssl_module

Compile and install

make
make install

Check the Nginx build details

[root@localhost nginx-1.16.1]# cd /usr/local/nginx/
[root@localhost nginx]# ./sbin/nginx -V
nginx version: nginx/1.16.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_gzip_static_module --http-client-body-temp-path=/var/temp/nginx/client --http-proxy-temp-path=/var/temp/nginx/proxy --http-fastcgi-temp-path=/var/temp/nginx/fastcgi --http-uwsgi-temp-path=/var/temp/nginx/uwsgi --http-scgi-temp-path=/var/temp/nginx/scgi --with-http_ssl_module
[root@localhost nginx]#

The configure arguments now include --with-http_ssl_module, so the SSL module has been installed.

Configuring the certificate

upstream tomcats {
  server 192.168.247.136:8001;
  server 192.168.247.136:8002;
  server 192.168.247.136:8003;
}

server{
  listen        80;
  server_name   www.tomcat.com;
  # Enable and use the cache
  proxy_cache mycache;
  # Set the cache expiry time for responses with status 200 and 304
  proxy_cache_valid        200 304 8h;
  location / {
    proxy_pass  http://tomcats;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
  }
}
# HTTPS
server{
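  # Enable SSL on this listener ("listen ... ssl" replaces the standalone "ssl on;" directive, deprecated since nginx 1.15.0)
  listen        443 ssl;
  server_name   www.tomcat.com;
  # SSL certificate file
  ssl_certificate    xxx.crt;
  # Private key file for the certificate
  ssl_certificate_key    xxx.key;
  # SSL session cache
  ssl_session_cache        shared:SSL:1m;
  # SSL session timeout
  ssl_session_timeout   5m;
  # Protocols and cipher suites; the cipher string follows OpenSSL syntax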
  ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers        ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
  ssl_prefer_server_ciphers        on;
  location / {
    proxy_pass  http://tomcats;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
  }
}

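Before applying this configuration, upload the certificate files to the conf folder, then change the file names above to match. The certificate I bought earlier has expired, and I am not going to buy a new one~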
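
A hardened variant of the two server blocks above, added here as an example and not part of the author's configuration. It keeps the page's upstream name and placeholder certificate file names; the HTTP-to-HTTPS redirect, the HSTS header and the forwarded headers are assumptions about how the site should behave.

```nginx
# Added example, not the author's config. Reuses the "tomcats" upstream and
# the placeholder file names xxx.crt / xxx.key from the page.

# Plain HTTP: redirect every request to HTTPS instead of serving content.
server {
  listen        80;
  server_name   www.tomcat.com;
  return 301 https://$host$request_uri;
}

server {
  # "listen ... ssl" replaces the standalone "ssl on;" directive,
  # which is deprecated since nginx 1.15.0.
  listen        443 ssl;
  server_name   www.tomcat.com;

  ssl_certificate        xxx.crt;
  ssl_certificate_key    xxx.key;

  ssl_session_cache      shared:SSL:1m;
  ssl_session_timeout    5m;

  # TLS 1.0 and 1.1 are deprecated (RFC 8996). The build shown on the page
  # links OpenSSL 1.0.2k, which has no TLS 1.3, so only TLSv1.2 is listed;
  # add TLSv1.3 after rebuilding against OpenSSL 1.1.1 or later.
  ssl_protocols          TLSv1.2;
  # ECDHE key exchange with AEAD (GCM) suites only; no catch-all "HIGH".
  ssl_ciphers            ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers  on;

  # Tell browsers to use HTTPS for this host for the next year.
  add_header Strict-Transport-Security "max-age=31536000" always;

  location / {
    proxy_pass  http://tomcats;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    # Pass the original host and scheme to the backend.
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}
```

Run ./sbin/nginx -t from /usr/local/nginx after editing to validate the syntax before reloading.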
