编译安装nginx,实现多域名 https
0. 目标
- 二进制安装NGINX
- 配置Nginx http访问
- 配置Nginx https访问
1. 获取Nginx包
https://nginx.org/en/download.html
2. 编译安装Nginx
yum install -y gcc pcre-devel openssl-devel zlib-devel lrzsz make
useradd -u 80 nginx -s /sbin/nologin
wget https://nginx.org/download/nginx-1.20.1.tar.gz
tar xf nginx-1.20.1.tar.gz
cd nginx-1.20.1/
mkdir /apps/nginx -p
./configure --prefix=/apps/nginx \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module
make -j 4 && make install
echo "PATH=/apps/nginx/sbin/:$PATH" >/etc/profile.d/nginx.sh
. /etc/profile.d/nginx.sh
chown nginx.nginx -R /apps/nginx/
2.1 Nginx版本确认
nginx -v
nginx version: nginx/1.20.1
nginx -V
nginx version: nginx/1.20.1
built by gcc 8.4.1 20200928 (Red Hat 8.4.1-1) (GCC)
built with OpenSSL 1.1.1g FIPS 21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
3. 生成Nginx Service文件
cat > /usr/lib/systemd/system/nginx.service <<EOF
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/apps/nginx/run/nginx.pid
ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
LimitNOFILE=100000
[Install]
WantedBy=multi-user.target
EOF
4. Nginx配置(http)
4.1 http配置
cat > /apps/nginx/conf/nginx.conf<<EOF
worker_processes 2;
worker_cpu_affinity 0001 0010;
error_log logs/error.log;
pid logs/nginx.pid;
events {
worker_connections 10240;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.aaa.com;
location / {
root /apps/app0;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name www.bbb.com;
location / {
root /apps/app1/;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name www.ccc.com;
location / {
root /apps/app2;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
EOF
4.2 准备index文件
mkdir /apps/app0
mkdir /apps/app1
mkdir /apps/app2
echo www.aaa.com > /apps/app0/index.html
echo www.bbb.com > /apps/app1/index.html
echo www.ccc.com > /apps/app2/index.html
4.3 测试HTTP
5. Nginx配置(https)
5.1 生成自签证书
https://blog.csdn.net/qq_29974229/article/details/119592889
5.2 将证书复制到nginx目录下
mkdir /apps/nginx/conf/ssl
cp ssl* /apps/nginx/conf/ssl
5.3 修改配置文件
cat >/apps/nginx/conf/nginx.conf<<EOF
worker_processes 1;
error_log logs/error.log;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 443 ssl;
server_name www.aaa.com;
ssl_certificate ssl/ssl.crt;
ssl_certificate_key ssl/ssl.key;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5:!3DES;
ssl_prefer_server_ciphers on;
location / {
root /apps/app0;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 443 ssl;
server_name www.bbb.com;
ssl_certificate ssl/ssl.crt;
ssl_certificate_key ssl/ssl.key;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5:!3DES;
ssl_prefer_server_ciphers on;
location / {
root /apps/app1/;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 443 ssl;
server_name www.ccc.com;
ssl_certificate ssl/ssl.crt;
ssl_certificate_key ssl/ssl.key;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5:!3DES;
ssl_prefer_server_ciphers on;
location / {
root /apps/app2;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
EOF
5.4 确认配置正确
nginx -t
nginx -s stop
nginx
5.5 测试SSL