请叫我小C
2019-03-26 08:56:53
Nginx配置SSL证书,实现https访问
上一篇写了SpringBoot如何配置的SSL,今天写Nginx配置SSL。
首先查看Nginx是否支持ssl,如果不支持,则需要重新编译加装SSL模块。
步骤一:查看是否支持SSL,输入如下命令
./nginx -t
反馈信息中如果有如下信息说明已经安装SSL模块
(安装SSL模块可以执行如下命令)
./configure --prefix=/usr/local/nginx--with-http_stub_status_module --with-http_ssl_module --with-file-aio --with-http_realip_module
在执行make命令,重复执行步骤一验证。直至验证通过,那么恭喜已经安装好了SSL模块。
步骤二:上传ssl证书,一般上传到etc/ssl目录下即可
步骤三:编辑nginx.conf文件,http{}里编辑
upstream blogserver{ ip_hash; #session server 172.16.0.4:8080 weight=1; server 172.16.0.4:8081 weight=2; } server { listen 443; server_name suwanru.cn; ssl on; ssl_certificate /etc/ssl/1959105_www.suwanru.cn.pem; ssl_certificate_key /etc/ssl/1959105_www.suwanru.cn.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; #charset koi8-r; #access_log logs/host.access.log main; location / { proxy_pass http://blogserver; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } server{ listen 80; server_name 106.13.53.27; rewrite ^/(.*)$ https://suwanru.cn:443/$1 permanent; }
上面一段代码监听80端口是因为需要所有访问80端口的数据需要转发到443端口,上面这段代码就是这个用处
步骤四:sbin目录下执行 ./nginx -t 验证文件是否通过,通过后启动nginx,即可实现https访问。
评论