1、安装Nginx
sudo apt-get install nginx
2、nginx服务
sudo service nginx start
sudo service nginx stop
sudo service nginx restart
3、测试Nginx服务
访问:http://服务器IP:80/
可以看到nginx的欢迎界面
4、配置Nginx
nginx的配置文件/etc/nginx/nginx.conf
user root; // 指定Nginx Worker 进程运行用户及用户组,默认是www-data,这里修改为root组,否则可能报403禁止访问虚拟主机的目录
worker_processes auto; // 指定Nginx开启的进程数,每个Nginx进程平均耗费10M-20M内存
pid /var/run/nginx.pid; // 用来指定进程id的存储文件的位置
events { //用来指定Nginx的工作模式,及连接上限数
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings //基础配置
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings //SSL证书配置
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings //nginx日志文件配置
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings //需要进行gzip压缩的默认配置数据
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
include /etc/nginx/conf.d/*.conf; //nginx需要加载的自定义虚拟主机
#include /etc/nginx/sites-enabled/*;//nginx默认的配置,注意:这里不使用默认配置
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
5、添加虚拟主机配置并配置SSL证书
vim /etc/nginx/conf.d/default.conf ,注意必须是.conf后缀的配置文件才行
在/etc/nginx/下创建cert目录,将证书文件放到里面
server {
listen 443 ssl; //设置监听的端口
server_name baidu.com www.baidu.com; //添加监听的主机名
ssl_certificate /etc/nginx/cert/xxxx.pem; //添加SSL证书
ssl_certificate_key /etc/nginx/cert/xxxx.key; //添加SSL证书Key
ssl_session_timeout 5m; //设置session超时时间
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;//设置SSL加密配置
location / {
root /root/dist;//设置虚拟主机加载目录
index index.html;//设置虚拟主机默认加载的首页
}
}
server {
listen 80; //设置监听的端口
server_name baidu.com www.baidu.com; //添加监听的主机名
rewrite ^(.*)$ https://${server_name}$1 permanent; //重定向到443端口
}
- 证书生成
# 生成密钥server.key,需要输入密码pass
openssl genrsa -des3 -out server.key 2048
# 去除server.key中的密码,防止以后重复输入
openssl rsa -in server.key -out server.key
# 创建服务器证书的申请文件server.csr
openssl req -new -key server.key -out server.csr
# 创建CA证书 ca.crt
openssl req -new -x509 -key server.key -out ca.crt -days 3650
# 创建自当前日期起有效期为期十年的服务器证书server.crt
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey server.key -CAcreateserial -out server.crt
6、让Nginx重新加载配置
nginx -s reload