查看 nginx 是否安装 http_ssl_module 模块。
$ /usr/local/nginx/sbin/nginx -V # nginx -V 部分系统也可以
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-stream_ssl_preread_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-http_auth_request_module --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'
如上图有‘--with-http_ssl_module’ 这个选项,表示已经安装SSL模块。可直接进入配置nginx.conf 配置
Nginx.conf 配置
编辑 /usr/local/nginx/conf/nginx.conf 配置文件:
配置 https server。注释掉之前的 http server 配置,新增 https server:
server { # 服务器端口使用443,开启ssl, 这里ssl就是上面安装的ssl模块 listen 443 ssl; # 域名,多个以空格分开 server_name hack520.com www.hack520.com; # ssl证书地址 ssl_certificate /usr/local/nginx/cert/ssl.pem; # pem文件的路径 ssl_certificate_key /usr/local/nginx/cert/ssl.key; # key文件的路径 # ssl验证相关配置 ssl_session_timeout 5m; #缓存有效期 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 ssl_prefer_server_ciphers on; #使用服务器端的首选算法 location / { root html; index index.html index.htm; } }
将 http 重定向 https。
server { listen 80; server_name hack520.com www.hack520.com; return 301 https://$server_name$request_uri; }
重启 nginx
$ /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
如果 80 端口被占用,用kill [id]来结束进程:
# 查看端口使用 $ netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21307/nginx: master tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3072/sshd tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 21307/nginx: master # 结束 80 端口进程 $ kill 21307
再次重启 nginx:
$ /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
或者:
service nginx restart
更多内容请登录www.mihaoyun.com查看