1.查看nginx版本信息
$ sudo /usr/local/nginx/sbin/nginx -V
[sudo] password for ericze:
nginx version: nginx/1.7.4
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
TLS SNI support enabled
configure arguments: --with-http_ssl_module
2.配置nginx.conf,并将下载好的证书文件放到/usr/local/nginx/conf/cert 文件夹下
$ cd /usr/local/nginx/conf/
$ sudo vi nginx.conf
将以下代码放在 #HTTPS server下
server {
listen 8443 ssl;
server_name 此处文字改成你自己的域名;
root /usr/local/dist;
index index.html;
ssl_certificate cert/证书名称.pem;
ssl_certificate_key cert/证书名称.key;
#ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root /usr/local/dist;
try_files $uri $uri/ /index.html;
index index.html;
}
location @router {
rewrite ^.*$ /index.html last;
}
location /api {
proxy_set_header Host $host;
proxy_set_header x-forwarded-for $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://后台服务器ip:端口号/;
}
}
3.查看配置文件是否正确并重启nginx
$ cd …/
$ cd sbin/
$ sudo ./nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
$ sudo ./nginx -s reload
4.配置SSL报错 nginx: [emerg] unknown directive “ssl”
到nginx解压目录下执行 ./configure --with-http_ssl_module
$ cd /usr/local/nginx-1.7.4/
$ sudo ./configure --with-http_ssl_module
执行 make(切记不能 make install 会覆盖安装目录)
$ sudo make
将原来 nginx 备份
$ sudo cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
$ sudo cp objs/nginx /usr/local/nginx/sbin/nginx
如果报错,执行 [ericze@VM_0_10_centos nginx-1.7.4]$ sudo cp -rfp objs/nginx /usr/local/nginx/sbin/nginx
5.查看443端口是否开启
$ sudo netstat -lanp
6.inux 不能开启443端口解决:原因为linux非root权限用户不能开启1024以下的端口
$ sudo /sbin/iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443