安装nginx
- nginx依赖
yum install -y gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel
- 下载nginx(以1.9.9为例;1.9.9是较早的版本,实际部署请换成nginx.org上当前的稳定版)
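# Fetch the tarball and its detached PGP signature over HTTPS, then verify the
# signature before unpacking. Plain HTTP gives no protection against a tampered
# download. The nginx signing keys are published on nginx.org and must be
# imported into the gpg keyring first; do not continue if verification fails.
wget https://nginx.org/download/nginx-1.9.9.tar.gz
wget https://nginx.org/download/nginx-1.9.9.tar.gz.asc
gpg --verify nginx-1.9.9.tar.gz.asc nginx-1.9.9.tar.gz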
- 解压
tar -xvf nginx-1.9.9.tar.gz
- 安装nginx
进入到nginx解压目录
cd nginx-1.9.9
执行配置(注:在nginx的解压目录下执行;必须带上 --with-http_ssl_module,否则后面的https配置无法使用)
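# --user/--group name the account the worker processes run as. It must exist
# before nginx is started, so create an unprivileged, no-login system account
# (with a matching group) if it is missing.
id -u www >/dev/null 2>&1 || useradd --system --user-group --no-create-home --shell /sbin/nologin www

# http_ssl_module is required for the HTTPS server blocks later in this guide.
# http_stub_status_module is only compiled in here; if a status location is
# added later, restrict it with allow/deny so it is not publicly readable.
./configure --prefix=/usr/local/nginx --user=www --group=www \
  --with-http_stub_status_module --with-http_ssl_module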
- 安装(在nginx解压目录下执行)
make install
https配置
- 准备https证书文件和密钥,放到nginx安装目录下
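# Keep the certificate and private key in a dedicated directory that only root
# can enter. When nginx is started as root (needed to bind port 443), the master
# process reads the key; the unprivileged worker account needs no access to it.
cd /usr/local/nginx
mkdir -p cert
chmod 700 cert

# File names match the ssl_certificate / ssl_certificate_key paths in nginx.conf.
mv xxx.crt /usr/local/nginx/cert/
mv xxx.key /usr/local/nginx/cert/

# The certificate is public; the private key must be readable by root only.
chown root:root /usr/local/nginx/cert/xxx.crt /usr/local/nginx/cert/xxx.key
chmod 644 /usr/local/nginx/cert/xxx.crt
chmod 600 /usr/local/nginx/cert/xxx.key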
- 配置nginx.conf
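# HTTPS virtual host serving static files from the html directory.
server {
    # The "ssl" parameter on listen replaces the separate "ssl on;" directive,
    # which is deprecated and removed in newer nginx releases.
    listen 443 ssl;
    server_name localhost;

    root html;
    index index.html index.htm;

    ssl_certificate     /usr/local/nginx/cert/xxx.crt;
    ssl_certificate_key /usr/local/nginx/cert/xxx.key;
    ssl_session_timeout 5m;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); offer TLSv1.2 only.
    # TLSv1.3 can be added once nginx >= 1.13.0 is built against OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2;

    # Forward-secret AEAD suites only. Broad groups such as ECDH/AES/HIGH would
    # also admit CBC, static-RSA and, on older OpenSSL builds, 3DES suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    location / {
        root html;
        index index.html index.htm;
    }
}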
- nginx命令
cd /usr/local/nginx/sbin
启动:./nginx
停止:./nginx -s quit
刷新配置:./nginx -s reload(建议先执行 ./nginx -t 检查配置文件语法,通过后再reload)
- 代理本地项目(80端口访问)
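# Reverse proxy for a local application, reachable over both HTTP (80) and
# HTTPS (443). Replace xxxx with the port the local application listens on.
server {
    listen 80;
    listen 443 ssl;
    server_name localhost;

    ssl_certificate     /usr/local/nginx/cert/xxx.crt;
    ssl_certificate_key /usr/local/nginx/cert/xxx.key;
    ssl_session_timeout 5m;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); offer TLSv1.2 only.
    # TLSv1.3 can be added once nginx >= 1.13.0 is built against OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2;

    # Forward-secret AEAD suites only. Broad groups such as ECDH/AES/HIGH would
    # also admit CBC, static-RSA and, on older OpenSSL builds, 3DES suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        # Overwriting with $remote_addr discards any X-Forwarded-For value sent
        # by the client, so the backend sees only the address nginx observed.
        # This is appropriate when nginx is the first proxy in front of clients.
        proxy_set_header X-Forwarded-For $remote_addr;
        # This server answers on both schemes; tell the backend which one was
        # used so it can build correct URLs and mark cookies Secure.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:xxxx;
    }
}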
- 强制使用https访问
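# Plain-HTTP listener whose only job is to redirect every request to HTTPS.
server {
    listen 80;
    server_name localhost;

    # "return 301" with $request_uri sends the same permanent redirect without
    # evaluating a regex, and forwards the path and query string exactly as the
    # client sent them.
    # NOTE(review): $host is taken from the request's Host header; in production
    # set server_name to the real domain so unexpected host names do not land here.
    return 301 https://$host$request_uri;
}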
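# HTTPS-only reverse proxy for a local application. Replace xxxx with the port
# the local application listens on.
server {
    listen 443 ssl;
    server_name localhost;

    ssl_certificate     /usr/local/nginx/cert/xxx.crt;
    ssl_certificate_key /usr/local/nginx/cert/xxx.key;
    ssl_session_timeout 5m;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); offer TLSv1.2 only.
    # TLSv1.3 can be added once nginx >= 1.13.0 is built against OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2;

    # Forward-secret AEAD suites only. Broad groups such as ECDH/AES/HIGH would
    # also admit CBC, static-RSA and, on older OpenSSL builds, 3DES suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    # Once HTTPS is confirmed working on the real domain, HSTS makes browsers
    # skip the plain-HTTP hop on later visits. Left disabled here because it is
    # hard to undo on a host that still uses a test certificate.
    # add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        # Overwriting with $remote_addr discards any X-Forwarded-For value sent
        # by the client, so the backend sees only the address nginx observed.
        # This is appropriate when nginx is the first proxy in front of clients.
        proxy_set_header X-Forwarded-For $remote_addr;
        # Tell the backend the original request arrived over HTTPS so it can
        # build correct URLs and mark cookies Secure.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:xxxx;
    }
}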