一、安装依赖
yum install -y gcc gcc-c++ autoconf automake make zlib zlib-devel openssl openssl-devel pcre pcre-devel
二、预编译、编译安装nginx
1、进入nginx-1.24.0安装包目录执行下述命令
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module
2、编译安装nginx
make && make install
三、配置https签名证书
1.生成一对秘钥,把公钥做成证书 ca.key
openssl genrsa -out ca.key 2048 生成一个 2048 位的 私钥
我们可以 输出它的公钥看看 openssl rsa -in ca.key -pubout
2. 生成证书CRT server.crt
openssl req -new -x509 -key ca.key -out server.crt -days 365
国家 Country Name: CN
省 Stat or Province Name Shanghai
市 Locality Name Shanghai
公司 Organization Name : HUPU
部门 Organizational Unit Tech
主机名 Common Name yy@qq.com
邮件 Email Address yy@qq.com
我们可以查看证书内容 openssl x509 -text -in server.crt
例如:
openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=127.0.0.1/emailAddress=yy@qq.com"
生成如图中两个文件
四、配置nginx的https
server {
listen 443 ssl http2 default_server;
server_name localhost;
root /usr/local/nginx/html/dist;
ssl_certificate "/usr/local/nginx/cert.crt";
ssl_certificate_key "/usr/local/nginx/rsa_private.key";
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
五、完成
1、平滑重启nginx
nginx -s reload
2、开启443端口
firewall-cmd --zone=public --add-port=443/tcp --permanent
3、浏览器访问:https://ip