这里写目录标题
0.基础命令
0、检查 nginx 版本: sudo nginx -v
1、停止nginx服务: sudo systemctl stop nginx
2、再次启动: sudo systemctl start nginx
3、重新启动nginx服务: sudo systemctl restart nginx
4、在进行一些配置更改后重新加载Nginx服务: sudo systemctl reload nginx
5、禁用nginx服务在启动时启动: sudo systemctl disable nginx
6、启用nginx服务在启动时启动: sudo systemctl enable nginx
7、测试 nginx配置是否正确: sudo nginx -t
1.安装nginx
sudo apt update
sudo apt install nginx
2.将项目放入/var/www/html
默认读取这个路径下的index.html文件,/var/www/html
为默认根路径
3.生成证书
从阿里云下载的证书通过openssl转换
openssl x509 -in 6805403_www.0nly.cn.pem -out 6805403_www.0nly.cn.crt
转换结果
4.修改/etc/nginx/sites-available/default
配置文件
将配置文件清空,重新写入以下内容,注意修改自己的域名和证书路径
server { # https
listen 443 ssl;
server_name 0nly.cn; # 证书的域名
ssl_certificate /root/cert/6805403_www.0nly.cn.crt; # 证书地址
ssl_certificate_key /root/cert/6805403_www.0nly.cn.key; # 证书地址
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root /var/www/html/; # http 的目录 这里是一个静态页面
autoindex on;
index index.html;
}
}
server { # http
listen 80;
server_name 0nly.cn;
return 301 https://$server_name$request_uri; # http自动转发到https
}
5.post,get本地端口转发
server { # https
listen 443 ssl;
server_name 0nly.cn; # 证书的域名
ssl_certificate /root/cert/6805403_www.0nly.cn.crt; # 证书地址
ssl_certificate_key /root/cert/6805403_www.0nly.cn.key; # 证书地址
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root /var/www/html/; # http 的目录 这里是一个静态页面
autoindex on;
index index.html;
}
# 转发注意 location 最后地址不带斜杠是post
location /post {
proxy_pass https://127.0.0.1:8000/post;
}
# 带了斜杠是get
location /get/ {
proxy_pass http://127.0.0.1:8000/get;
}
}
server { # http
listen 80;
server_name 0nly.cn;
return 301 https://$server_name$request_uri; # http自动转发到https
}