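nginx configuration
Check the nginx configuration for syntax errors
/usr/local/nginx/sbin/nginx -t (adjust the path to match your own installation)
Chapter 1: Installing nginx
1.1 Download and install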
wget http://nginx.org/download/nginx-1.12.1.tar.gz
tar zxf nginx-1.12.1.tar.gz
cd nginx-1.12.1
./configure --prefix=/usr/local/nginx
make && make install
chmod 755 /etc/init.d/nginx
vim /etc/init.d/nginx // copy in the following content (see https://coding.net/u/aminglinux/p/aminglinux-book/git/blob/master/D15Z/etc_init.d_nginx )
chkconfig --add nginx // if this reports an error, see https://www.cnblogs.com/tiandi/p/7170905.html
The script file needs to contain these two lines
# chkconfig:
# description:
1.2 Startup management
1.2.1 Starting/stopping when nginx is not registered as a service
[root@f9fea73f2860 default] $ ps -ef | grep nginx
root 17974 0 0 08:55 ? 00:00:00 nginx: master process
[root@f9fea73f2860 default] kill -QUIT 17974
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
1.2.2 Starting/stopping after registering nginx as a service
- Write the control script under /etc/init.d/
vi /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"

start()
{
    echo -n $"Starting $prog: "
    mkdir -p /dev/shm/nginx_temp
    daemon $NGINX_SBIN -c $NGINX_CONF
    RETVAL=$?
    echo
    return $RETVAL
}

stop()
{
    echo -n $"Stopping $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -TERM
    # Record killproc's status before the cleanup, so rm does not overwrite it
    RETVAL=$?
    rm -rf /dev/shm/nginx_temp
    echo
    return $RETVAL
}

reload()
{
    echo -n $"Reloading $prog: "
    killproc -p $NGINX_PID $NGINX_SBIN -HUP
    RETVAL=$?
    echo
    return $RETVAL
}

restart()
{
    stop
    start
}

configtest()
{
    $NGINX_SBIN -c $NGINX_CONF -t
    # Pass the result of the syntax check back to the caller
    RETVAL=$?
    return $RETVAL
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    reload)
        reload
        ;;
    restart)
        restart
        ;;
    configtest)
        configtest
        ;;
    *)
        echo $"Usage: $0 {start|stop|reload|restart|configtest}"
        RETVAL=1
esac

exit $RETVAL
- Register it with the service system
chmod 755 /etc/init.d/nginx # grant execute permission (covered in 1.1)
chkconfig --add nginx # after this, nginx can be managed with service nginx start/reload/stop
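Chapter 2: Configuring SSL
2.1 Main configuration
- Generate the SSL key pair
cd /usr/local/nginx/conf # nginx configuration path
openssl genrsa -des3 -out tmp.key 2048 # the key file is the private key
openssl rsa -in tmp.key -out tianyu.key # convert the key, removing the passphrase
rm -f tmp.key
# generate the certificate signing request; this file and the private key are used together to produce the public key file
openssl req -new -key tianyu.key -out tianyu.csr
# tianyu.crt is the self-signed certificate (it carries the public key)
openssl x509 -req -days 365 -in tianyu.csr -signkey tianyu.key -out tianyu.crt
- The following files are generated
- Configure ssl.conf; the configuration file is as follows
server {
    listen 443;
    server_name tianyu.com;
    index index.html index.php;
    root /data/wwwroot/tianyu.com;
    # "ssl on;" works on nginx 1.12.1; from 1.15.0 it is deprecated in favour of "listen 443 ssl;"
    ssl on;
    ssl_certificate tianyu.crt;
    ssl_certificate_key tianyu.key;
    # TLSv1 and TLSv1.1 are deprecated by RFC 8996; drop them unless legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}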
- Reload nginx
service nginx reload
- Verify that the configuration took effect: check whether port 443 is listening
netstat -anp | grep 443
- Configure the hosts file
vi /etc/hosts
127.0.0.1 tianyu.com
2.2 Configuration problems
curl https://tianyu.com
- curl: (60) Peer’s certificate issuer has been marked as not trusted by the user.
This usually happens with self-signed certificates. The error means the authority that issued the certificate is not certified and cannot be recognized.
In that case, append the contents of the public certificate file of the private CA that issued the certificate to /etc/pki/tls/certs/ca-bundle.crt,
so that the server itself trusts the certificate.
cat tianyu.crt >> /etc/pki/tls/certs/ca-bundle.crt
- curl: (51) Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
curl --insecure https://tianyu.com
- nginx: [emerg] unknown directive "ssl"
Reference: https://blog.csdn.net/weixin_38111957/article/details/81283121
- ./configure --with-http_ssl_module
- yum -y install openssl openssl-devel
- ./configure
- make (compile); do not run make install (install)
- cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
- cp objs/nginx /usr/local/nginx/sbin/nginx
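Added example, not part of the original notes: the two curl errors in 2.2 (60 and 51) correspond to a trust check and a host-name check, and both can be tested offline before nginx is reloaded, with trust limited to the one certificate file rather than the system CA bundle. The helper names are hypothetical, and OpenSSL 1.1.1 or later is assumed for -addext.

```shell
#!/bin/sh
# Added example (not from the original notes). Helper names are hypothetical.
# Requires OpenSSL 1.1.1 or later for -addext.

# make_cert DIR HOST: write DIR/HOST.key and DIR/HOST.crt, self-signed for 365
# days, with HOST in both the CN and the subjectAltName.
make_cert() {
    (
        umask 077   # the key is unencrypted (as in 2.1), so keep it owner-only
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -keyout "$1/$2.key" -out "$1/$2.crt" \
            -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null
    )
}

# cert_matches_host CRT HOST: succeed only if CRT is valid for HOST.
# A mismatch is the condition curl reports as error 51.
cert_matches_host() {
    out=$(openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null) || return 1
    case "$out" in
        *"does match certificate"*) return 0 ;;
        *) return 1 ;;
    esac
}

# cert_trusted_by CRT CAFILE: succeed only if CRT chains to a cert in CAFILE.
# A failure is the condition curl reports as error 60.
cert_trusted_by() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Demo in a scratch directory (constructed input; tianyu.com is the page's host).
demo_dir=$(mktemp -d)
make_cert "$demo_dir" tianyu.com
cert_matches_host "$demo_dir/tianyu.com.crt" tianyu.com && echo "name: ok"
cert_trusted_by "$demo_dir/tianyu.com.crt" "$demo_dir/tianyu.com.crt" && echo "trust: ok"
# Against the real server, scope trust to this one file instead of editing the
# system bundle:  curl --cacert tianyu.crt https://tianyu.com
rm -rf "$demo_dir"
```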