在centos 7 上配置一个https主机
1. 登录
ssh root@121.41.xxx.xxx
2. 安装openssl
yum install openssl
yum install openssl-devel.x86_64
3. 安装nginx
3.1 参考文档
https://my.oschina.net/liucao/blog/470241
3.2 安装必要的
yum -y install gcc gcc-c++ autoconf automake
yum -y install zlib zlib-devel openssl openssl-devel pcre-devel
3.3 安装emacs
yum install emacs
ln -s /usr/bin/emacs /usr/bin/ems
3.4 下载
wget http://nginx.org/download/nginx-1.10.3.tar.gz
tan xvf nginx-1.10.3.tar.gz
cd nginx-1.10.3
3.5 configure
./configure \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-mail \
--with-mail_ssl_module \
--with-file-aio \
--with-ipv6 \
--with-http_v2_module \
--with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
3.6 编译
make && make install
3.7 启动
将nginx.conf的第一行uncomment
user nobody;
创建目录
mkdir -p /var/cache/nginx/client_temp
测试配置
nginx -t -c -c /etc/nginx/nginx.conf
启动
nginx -c /etc/nginx/nginx.conf
在浏览器访问http://121.41.xxx.xxx/,能看到nginx的提示,表明运行成功。
4. 配置https
4.1 参考文档
http://www.cnblogs.com/tintin1926/archive/2012/07/12/2587311.html
4.2 生成证书
mkdir -p /etc/nginx/https
cd /etc/nginx/https
4.2 openssl genrsa -des3 -out server.key 1024
Enter pass phrase for server.key:
输入 myfirst
4.3 openssl req -new -key server.key -out server.csr
输入 myfirst
国家:CN
省:SHANGHAI
LOALITY:XUHUI
org: TJ
uni: CT
server hostname: www.mytj.com
email: cxxxxxxx@tj.com
a challenge password: mysecond
company: tj
4.4 openssl rsa -in server.key -out server_nopwd.key
输入 myfrist
4.5 openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt
至此,证书生成完毕。
4.6 有如下文件
server.crt server.csr server.key server_nopwd.key
4.7 配置nginx.conf
server {
listen 443;
ssl on;
ssl_certificate /usr/local/nginx/conf/server.crt;
ssl_certificate_key /usr/local/nginx/conf/server_nopwd.key;
}
4.8 测试
nginx -t -c /etc/nginx/nginx.conf
nginx -s reload
4.9 访问
https://121.41.xxx.xxx/
在/etc/hosts里设置
121.41.xxx.xxx www.mytj.com
然后再访问https://www.mytj.com
1. 登录
ssh root@121.41.xxx.xxx
2. 安装openssl
yum install openssl
yum install openssl-devel.x86_64
3. 安装nginx
3.1 参考文档
https://my.oschina.net/liucao/blog/470241
3.2 安装必要的
yum -y install gcc gcc-c++ autoconf automake
yum -y install zlib zlib-devel openssl openssl-devel pcre-devel
3.3 安装emacs
yum install emacs
ln -s /usr/bin/emacs /usr/bin/ems
3.4 下载
wget http://nginx.org/download/nginx-1.10.3.tar.gz
tan xvf nginx-1.10.3.tar.gz
cd nginx-1.10.3
3.5 configure
./configure \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-mail \
--with-mail_ssl_module \
--with-file-aio \
--with-ipv6 \
--with-http_v2_module \
--with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
3.6 编译
make && make install
3.7 启动
将nginx.conf的第一行uncomment
user nobody;
创建目录
mkdir -p /var/cache/nginx/client_temp
测试配置
nginx -t -c -c /etc/nginx/nginx.conf
启动
nginx -c /etc/nginx/nginx.conf
在浏览器访问http://121.41.xxx.xxx/,能看到nginx的提示,表明运行成功。
4. 配置https
4.1 参考文档
http://www.cnblogs.com/tintin1926/archive/2012/07/12/2587311.html
4.2 生成证书
mkdir -p /etc/nginx/https
cd /etc/nginx/https
4.2 openssl genrsa -des3 -out server.key 1024
Enter pass phrase for server.key:
输入 myfirst
4.3 openssl req -new -key server.key -out server.csr
输入 myfirst
国家:CN
省:SHANGHAI
LOALITY:XUHUI
org: TJ
uni: CT
server hostname: www.mytj.com
email: cxxxxxxx@tj.com
a challenge password: mysecond
company: tj
4.4 openssl rsa -in server.key -out server_nopwd.key
输入 myfrist
4.5 openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt
至此,证书生成完毕。
4.6 有如下文件
server.crt server.csr server.key server_nopwd.key
4.7 配置nginx.conf
server {
listen 443;
ssl on;
ssl_certificate /usr/local/nginx/conf/server.crt;
ssl_certificate_key /usr/local/nginx/conf/server_nopwd.key;
}
4.8 测试
nginx -t -c /etc/nginx/nginx.conf
nginx -s reload
4.9 访问
https://121.41.xxx.xxx/
在/etc/hosts里设置
121.41.xxx.xxx www.mytj.com
然后再访问https://www.mytj.com
1542
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
