Environment
System: CentOS Linux release 7.9.2009 (Core) # the method is the same on 8.3 2011, tested OK
IP: 172.19.147.13
Domain: nginxcs.XXX.com
nginx version: nginx/1.19.6
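Set up the domain, using Alibaba Cloud as an example
1. Add a DNS record for the domain
2. Apply for a free certificate (steps omitted; see the official site)
3. Download the certificate files
4. Download and extract them; for convenience, rename the files uniformly to 1
Install nginx
Install dependencies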
yum -y install gcc
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel
yum install -y openssl openssl-devel
Follow the official installation documentation: http://nginx.org/en/linux_packages.html
sudo yum install yum-utils
vim /etc/yum.repos.d/nginx.repo
Paste the following content
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
:wq to save and exit
sudo yum-config-manager --enable nginx-mainline
sudo yum -y install nginx
Enable start on boot
systemctl restart nginx.service
systemctl enable nginx.service
Configure HTTPS access (HTTP redirect + blocking access by IP)
After nginx is installed, upload the certificate files to the /etc/nginx/conf.d/cert directory on the server
cd /etc/nginx/conf.d # enter the configuration directory
mv default.conf default.bak1 # back up the default configuration
mkdir cert # create the certificate directory and upload the issued certificate files into it
vim /etc/nginx/conf.d/default.conf # create a new configuration and copy in the following content
# ddns stands for the domain name; if you do not have one yet, use localhost and access the server by its IP
server { # HTTP port: redirect to HTTPS and block access by IP. If you do not want the HTTP port, omit this block.
    listen 80;
    server_name localhost;
    if ($host != 'nginxcs.XXX.com'){ # block access by IP
        return 403;
    }
    rewrite ^(.*)$ https://$host$1; # redirect all HTTP requests to HTTPS with the rewrite directive
}
server {
    listen 443 ssl; # enable SSL
    server_name localhost;
    if ($host != 'nginxcs.XXX.com'){ # refuse HTTPS access by IP
        return 403;
    }
    ssl_certificate /etc/nginx/conf.d/cert/1.pem;
    ssl_certificate_key /etc/nginx/conf.d/cert/1.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
:wq # save and exit
systemctl restart nginx # restart the service after making the changes
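An alternative layout for the same goal (redirect HTTP to HTTPS, refuse requests made by IP), as an added example that is not part of the original post: catch-all default servers replace the `if ($host ...)` checks, and only TLSv1.2 is offered. It assumes nginx 1.19.4 or later for `ssl_reject_handshake`, and it closes the connection for requests by IP instead of answering 403; the domain and certificate paths are the ones used above.

```nginx
# Added example, not the original post's configuration.
# Catch-all for port 80: a request whose Host is not the site's name
# (bare IP, unknown names) lands here and the connection is closed.
server {
    listen 80 default_server;
    server_name _;
    return 444;            # nginx-specific: close without sending a response
}

# Port 80 for the site's name: permanent (301) redirect to HTTPS.
server {
    listen 80;
    server_name nginxcs.XXX.com;
    return 301 https://$host$request_uri;
}

# Catch-all for port 443: reject the TLS handshake when the client's SNI
# matches no configured server_name. No certificate is needed in this block.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
    return 444;            # covers requests whose Host header differs from the SNI
}

server {
    listen 443 ssl;
    server_name nginxcs.XXX.com;
    ssl_certificate     /etc/nginx/conf.d/cert/1.pem;
    ssl_certificate_key /etc/nginx/conf.d/cert/1.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); add TLSv1.3 only when
    # nginx is built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;
    location / {
        root  /usr/share/nginx/html;
        index index.html index.htm;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
```

Check the syntax with nginx -t before restarting the service.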
Testing the result
http://172.19.147.13
https://172.19.147.13
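http://nginxcs.zenenr-tech.com/ redirects to http://nginxcs.zenenr-tech.com/
https://nginxcs.zenenr-tech.com/ opens directly
Access from the Internet
Set up port forwarding on the router and change the domain's DNS record to the public IP.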