Linux安装nginx，openssl ，证书生成，配置nginx 一整套完整流程

最新推荐文章于 2024-04-07 10:09:55 发布

无奈的码农

最新推荐文章于 2024-04-07 10:09:55 发布

阅读量928

点赞数 2

分类专栏： Linux 文章标签： nginx linux 服务器

本文链接：https://blog.csdn.net/qq_27566167/article/details/128671561

版权

Linux 专栏收录该内容

32 篇文章 1 订阅

订阅专栏

nginx安装

安装编译器

yum install gcc-c++
yum install -y openssl openssl-devel

再安装pcre包

再安装pcre包

再安装zlib包

yum install -y zlib zlib-devel

下载nginx

mdkir nginx #新建nginx文件夹
cd nginx # 进入文件夹
#下载nginx
wget https://nginx.org/download/nginx-1.19.9.tar.gz

解压nginx

tar -zxvf nginx-1.19.9.tar.gz  #解压
cd nginx-1.19.9 # 进入解压文件夹

配置ssl

./configure --with-http_ssl_module    #配置ssl

编译安装

make
make install

关闭防火墙

systemctl stop firewalld.service

放行80和443端口

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent

启动防火墙

systemctl stop firewalld.service

启动nginx

./nginx  # 启动
./nginx -s stop #关闭

这里的命令可以自由选择配置

# 禁止防火墙开机启动
systemctl disable firewalld.service
# 重启防火墙
firewall-cmd --reload
# 开机启动
systemctl enable firewalld.service

nginx安装成系统服务

创建服务脚本

vi /usr/lib/systemd/system/nginx.service

服务脚本内容

[Unit]
Description=nginx -  web server
After=network.target remote-fs.target nss-lookup.target
  
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
ExecQuit=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
  
[Install]
WantedBy=multi-user.target

重新加载系统服务

systemctl daemon-reload

启动服务

systemctl start nginx.service

openssl 安装

Linux 安装OpenSSL及解决遇到的问题

生成CA证书

Linux OpenSSL生成ca证书

ngxin 配置


#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;  # http 端口8080
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

# 由下面的location  转到这里
# proxy_pass http://fd.com;

	upstream fd.com{
		server 127.0.0.1:8080; # 需要监听的端口名 我用的
		keepalive 64;
	}

    # HTTPS server
    #
    server {
        listen       443 ssl;  # https端口 443
        server_name  fd.com;   // 一般提供访问的域名
		

        ssl_certificate      ./opt/common/openssl/fd.crt; # 证书配置
        ssl_certificate_key  ./opt/common/openssl/fd.key; # 公钥配置
		

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            proxy_pass http://fd.com;
        }
    }
	

}