1. Verify the configuration file
/usr/local/nginx/sbin/nginx -tc /usr/local/nginx/conf/nginx.conf
/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
2. Specify the configuration file to start
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
3. Specify the configuration file to restart
/usr/local/nginx/sbin/nginx -s reload -c /usr/local/nginx/conf/nginx.conf
4. nginx ssl certificate configuration
1.购买域名服务器进备案(HTTPS是配置是需要ssl证书)
2.购买ssl证书推进阿里云证,可以申请免费的证书
3证书验证审核
4.审核通过后就会出现下载按钮,下载Nginx的安全证
4. Add http_ssl_module module
1. Check whether http_ssl_module is installed (/usr/local/nginx/sbin/nginx -V)
2. When compiling and installing nginx, the module has been installed
[root@lamb ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.15.8
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx
3. Recompile nginx (use /usr/local/nginx/sbin/nginx -V to view the configured modules, then copy those modules to add --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
)
4. Run in the source code (the directory I downloaded from Nginx is: /home/tar/nginx-1.61)
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_gzip_static_module --http-client-body-temp-path=/var/temp/nginx/client --http-proxy-temp-path=/var/temp/nginx/proxy --http-fastcgi-temp-path=/var/temp/nginx/fastcgi --http-uwsgi-temp-path=/var/temp/nginx/uwsgi --http-scgi-temp-path=/var/temp/nginx/scgi --add-module=/home/tar/fastdfs-nginx-module/src
5. Do not make install; otherwise, it will overwrite the previously installed nginx and only need make
6. Back up the original installed nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
7... Overwrite the old nginx program with the new one
cp objs/nginx /usr/local/nginx/sbin/nginx
If prompted "cp: cannot create regular file `/usr/local/nginx/sbin/nginx': Text file busy"
It is recommended to use the following statement cp
cp -rfp objs/nginx /usr/local/nginx/sbin/nginx
5. Verify and restart the new program
verify:
[root@instance-qhno4n00 nginx]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.16.1
built by gcc 8.4.1 20200928 (Red Hat 8.4.1-1) (GCC)
built with OpenSSL 1.1.1g FIPS 21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_gzip_static_module --http-client-body-temp-path=/var/temp/nginx/client --http-proxy-temp-path=/var/temp/nginx/proxy --http-fastcgi-temp-path=/var/temp/nginx/fastcgi --http-uwsgi-temp-path=/var/temp/nginx/uwsgi --http-scgi-temp-path=/var/temp/nginx/scgi --add-module=/home/tar/fastdfs-nginx-module/src
It shows that the http_ssl_module configuration is successful
5.config file configuration
申请ssl证书,推荐阿里云的,下载nginx类型的证书
配置nginx,在http {
}标签中增加一个443 ssl的server,和上面的80server并列,代码如下
server {
listen 443 ssl;
server_name 备案的域名;
client_max_body_size 60k;
ssl_certificate /mnt/install/ssl/5168840_demo2.joolun.com_nginx/5168840_demo2.joolun.com.pem;
ssl_certificate_key /mnt/install/ssl/5168840_demo2.joolun.com_nginx/5168840_demo2.joolun.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#前端页面
location / {
root /mnt/install/joolun-wx/dist/;
try_files $uri $uri/ /index.html;
index index.jsp index.html index.htm;
}
#后台接口地址
location /prod-api/ {
proxy_pass http://127.0.0.1:7500/;
proxy_connect_timeout 15s;
proxy_send_timeout 15s;
proxy_read_timeout 15s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
6. Restart
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf