首选Tomcat此处省略,Nginx安装时的准备工作如下:
Nginx安装如下插件:
openssl-1.0.2
pcre-8.21
zlib-1.2.8
openssl安装时注意一些其他依赖插件如:
libcrypto.a libcrypto.pc libssl.a libssl.pc
准备就绪之后,进行Nginx安装操作,Linux检测安装平台目标特征,执行命令:
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module --with-openssl=/usr/local/openssl-1.0.2 --with-zlib=/usr/local/zlib-1.2.8
Linux编译并安装命令,具体如下:
编译命令:make
安装命令:make install
清除编译命令:make clean
生成秘钥文件,Linux下生成秘钥分别执行命令如下:
openssl genrsa -des3 -out ca.key 1024 openssl req -new -key ca.key -out ca.csr cp ca.key ca.key.orgi openssl rsa -in ca.key.orgi -out ca.key openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
参考参数说明:
Country Name (2 letter code)[XX]:cn--------国家
State or Province Name (full name)[]:yoodb---------省份
Locality Name (eg, city) [DefaultCity]:yoodb--------------地区名字
Organization Name (eg, company)[Default Company Ltd]:yoodb------公司名
Organizational Unit Name (eg,section) []:ning-----部门
Common Name (eg, your name or yourserver's hostname) []:yoodb----CA主机名
Email Address []:---------邮箱
Please enter the following 'extra'attributes
to be sent with your certificaterequest
A challenge password []:-----------证书请求密钥,CA读取证书的时候需要输入密码
An optional company name[]:-----------公司名称,CA读取证书的时候需要输入名称
Nginx配置nginx.conf文件,具体如下:
server {
listen 443 ssl;
server_name blog.yoodb.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/ca.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/ca.key;
ssl_session_timeout 5m;
# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
# ssl_prefer_server_ciphers on;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_pass http://127.0.0.1:8081;
}
location /amserver {
proxy_pass http://127.0.0.1:8080;
}
}
部署以及重启 Nginx 操作:
开启 Linux 端口号 443
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/etc/init.d/iptables status 查看防火墙状态
vim /etc/sysconfig/iptables 编辑防火墙文件
/etc/init.d/iptables restart 重启防火墙
nginx –s reload 重启 Nginx服务器命令
2334
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
