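Prepare two virtual machines with the yum repository and IP addresses configured; one is the server and the other is the client.
Install the nginx package from source
⦁ [root@proxy ~]# yum -y install gcc pcre-devel openssl-devel //install the build dependencies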
⦁ [root@proxy ~]# useradd -s /sbin/nologin nginx
⦁ [root@proxy ~]# tar -xf nginx-1.10.3.tar.gz
⦁ [root@proxy ~]# cd nginx-1.10.3
⦁ [root@proxy nginx-1.10.3]# ./configure \
⦁ > --prefix=/usr/local/nginx \ //installation path
⦁ > --user=nginx \ //user the service runs as
⦁ > --group=nginx \ //group the service runs as
⦁ > --with-http_ssl_module //enable SSL encryption support
Configure the firewall and SELinux
⦁ [root@proxy ~]# firewall-cmd --set-default-zone=trusted
⦁ [root@proxy ~]# setenforce 0
Test the home page
⦁ [root@client ~]# curl http://192.168.4.5
⦁ <html>
⦁ <head>
⦁ <title>Welcome to nginx!</title>
⦁ </head>
⦁ <body bgcolor="white" text="black">
⦁ <center><h1>Welcome to nginx!</h1></center>
⦁ </body>
⦁ </html>
Modify the Nginx configuration file
⦁ [root@proxy ~]# vim /usr/local/nginx/conf/nginx.conf
⦁ .. ..
⦁ server {
⦁ listen 80;
⦁ server_name localhost;
⦁ auth_basic "Input Password:"; //authentication prompt
⦁ auth_basic_user_file "/usr/local/nginx/pass"; //password file used for authentication
⦁ location / {
⦁ root html;
⦁ index index.html index.htm;
⦁ }
⦁ }
Generate the password file and create the users and their passwords
⦁ [root@proxy ~]# htpasswd -c /usr/local/nginx/pass tom //create the password file
⦁ New password:
⦁ Re-type new password:
⦁ Adding password for user tom
⦁ [root@proxy ~]# htpasswd /usr/local/nginx/pass jerry //append a user; do not use the -c option
⦁ New password:
⦁ Re-type new password:
⦁ Adding password for user jerry
Reload the Nginx service
⦁ [root@proxy ~]# /usr/local/nginx/sbin/nginx -s reload
Log in to the client host 192.168.4.10 and test
⦁ [root@client ~]# firefox http://192.168.4.5
Modify the configuration file
⦁ [root@proxy ~]# vim /usr/local/nginx/conf/nginx.conf
⦁ .. ..
⦁ server {
⦁ listen 80; //port
⦁ server_name www.a.com; //domain name
⦁ auth_basic "Input Password:"; //authentication prompt
⦁ auth_basic_user_file "/usr/local/nginx/pass"; //password file used for authentication
⦁ location / {
⦁ root html; //web root of this site
⦁ index index.html index.htm;
⦁ }
⦁
⦁ }
⦁ … …
⦁
⦁ server {
⦁ listen 80; //port
⦁ server_name www.b.com; //domain name
⦁ location / {
⦁ root www; //web root of this site
⦁ index index.html index.htm;
⦁ }
⦁ }
Create the web root directory and its home page file
⦁ [root@proxy ~]# mkdir /usr/local/nginx/www
⦁ [root@proxy ~]# echo "www" > /usr/local/nginx/www/index.html
Test from the client
⦁ [root@client ~]# vim /etc/hosts
⦁ 192.168.4.5 www.a.com www.b.com
Generate the private key and certificate
⦁ [root@proxy ~]# cd /usr/local/nginx/conf
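⦁ [root@proxy conf]# openssl genrsa > cert.key //generate the private key
⦁ [root@proxy conf]# openssl req -new -x509 -key cert.key > cert.pem //generate the self-signed certificate
Modify the Nginx configuration file to set up the virtual host for the encrypted site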
⦁ [root@proxy ~]# vim /usr/local/nginx/conf/nginx.conf
⦁ … …
⦁ server {
⦁ listen 443 ssl;
⦁ server_name www.c.com;
⦁ ssl_certificate cert.pem; #the certificate file
⦁ ssl_certificate_key cert.key; #the private key file
⦁
⦁ ssl_session_cache shared:SSL:1m;
⦁ ssl_session_timeout 5m;
⦁
⦁ ssl_ciphers HIGH:!aNULL:!MD5;
⦁ ssl_prefer_server_ciphers on;
⦁
⦁ location / {
⦁ root html;
⦁ index index.html index.htm;
⦁ }
⦁ }
Verify from the client
Edit /etc/hosts on the client host 192.168.4.10 so that the domain names resolve
⦁ [root@client ~]# vim /etc/hosts
⦁ 192.168.4.5 www.c.com www.a.com www.b.com
Log in to the client host 192.168.4.10 and test
⦁ [root@client ~]# firefox https://www.c.com //the site is reachable after trusting the certificate
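Added example (not part of the original tutorial): the password-protected www.a.com host above listens only on port 80, so its Basic-auth credentials cross the network base64-encoded but unencrypted, while the TLS host www.c.com carries no authentication. The Python check below lists server blocks where auth_basic is reachable without TLS; SAMPLE_CONF is constructed from this page's server blocks, and the function names are hypothetical.

```python
import re

# Constructed sample: this page's server blocks, // annotations removed.
SAMPLE_CONF = '''
server { listen 80; server_name www.a.com;
         auth_basic "Input Password:";
         auth_basic_user_file "/usr/local/nginx/pass";
         location / { root html; index index.html index.htm; } }
server { listen 80; server_name www.b.com;
         location / { root www; index index.html index.htm; } }
server { listen 443 ssl; server_name www.c.com;
         ssl_certificate cert.pem; ssl_certificate_key cert.key;
         location / { root html; index index.html index.htm; } }
'''

TOKEN = re.compile(r'''"[^"]*"|'[^']*'|[{};]|[^\s{};]+''')

def server_blocks(conf):
    """Yield each server block as a list of directives (lists of words)."""
    stack, words, current = [], [], None
    for tok in TOKEN.findall(re.sub(r'(?m)#.*$', '', conf)):
        if tok not in '{};':
            words.append(tok.strip('"\''))
            continue
        if tok == '{':
            stack.append(words[0] if words else '')
            if stack[-1] == 'server':
                current = []
        elif tok == '}' and stack and stack.pop() == 'server':
            yield current
            current = None
        elif tok == ';' and current is not None and words:
            current.append(words)
        words = []

def cleartext_auth_hosts(conf):
    """Return server_name values whose basic auth is reachable without TLS."""
    flagged = []
    for ds in server_blocks(conf):
        auth = any(d[0] == 'auth_basic' and d[1:] != ['off'] for d in ds)
        listens = [d[1:] for d in ds if d[0] == 'listen']
        # No listen directive means nginx's default plain-HTTP listener.
        plain = not listens or any('ssl' not in args for args in listens)
        if auth and plain and ['ssl', 'on'] not in ds:  # legacy "ssl on;"
            names = [n for d in ds if d[0] == 'server_name' for n in d[1:]]
            flagged.append(' '.join(names) or '(unnamed)')
    return flagged

print(cleartext_auth_hosts(SAMPLE_CONF))
```

Moving the auth_basic directives into a server block that listens with ssl, as the www.c.com block does, clears the finding.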