1.安装nginx
第一步:解压nginx压缩包
# -C 是解压到指定文件目录的操作项
[root@iZwz91y4dhnmovf0kbzivaZ ~]# tar -zxvf nginx-1.17.6.tar.gz -C /usr/local/
第二步:安装nginx所需依赖包
[root@iZwz91y4dhnmovf0kbzivaZ ~]# yum -y install gcc zlib zlib-devel pcre-devel openssl openssl-devel
第三步:安装nginx
# 进入刚刚解压的nginx目录
[root@iZwz91y4dhnmovf0kbzivaZ ~]# cd /usr/local/nginx-1.17.6/
# 执行命令 并添加ssl模块
[root@iZwz91y4dhnmovf0kbzivaZ nginx-1.17.6]# ./configure --with-http_ssl_module
# 编译
[root@iZwz91y4dhnmovf0kbzivaZ nginx-1.17.6]# make
# 编译安装
[root@iZwz91y4dhnmovf0kbzivaZ nginx-1.17.6]# make install
2.配置nginx SSL证书
# 进入刚刚解压的nginx目录
[root@iZwz91y4dhnmovf0kbzivaZ ~]# cd /usr/local/nginx-1.17.6/
将证书文件上传到服务器的nginx目录里,我们自己可以新建一个目录名为ssl的目录。
vi /usr/local/nginx/conf/nginx.conf
做如下修改:
server {
listen 443 ssl;
server_name xxx.com;
# 配置证书位置
ssl_certificate /usr/local/nginx/ssl/xxxxxxx.pem;
ssl_certificate_key /usr/local/nginx/ssl/xxxxxxx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
# 重定向到https
server {
listen 80;
server_name xxxx.com;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
# 以下是重定向语句
rewrite ^(.*)$ https://xxxx.com permanent;
}