博客位置:www.weixuehu.comnginx
1.安装nginxvim
yum install openssl-devel nginx
依赖关系(y安装、d只下载、N不安装),选y便可
Is this ok [y/d/N]: ycentos
若是出现Complete!安装完成session
2.配置文件在/etc/nginxthis
3.从腾讯云官网申请证书并下载,以下图加密
4.建立一个文件夹sslrest
cd /etc/nginx/ mkdir ssl
5.解压证书文件将Nginx中的文件上传到ssl目录下code
6.在/etc/nginx/conf.d/这个目录下建立一个(自定义名称).conf文件,server
cd /etc/nginx/conf.d/ vim weixuehu.conf
文件内容以下:blog
server{ listen 80; #表示监听80端口 server_name weixuehu.com www.weixuehu.com; location / { #将80端口强制转为https rewrite (.*) https://www.weixuehu.com$1 permanent; } } server { listen 443 ssl; #表示监听443端口即https server_name weixuehu.com www.weixuehu.com; ssl on; ssl_certificate /etc/nginx/ssl/1_www.weixuehu.com_bundle.crt; #证书公钥文件路径 ssl_certificate_key /etc/nginx/ssl/2_www.weixuehu.com.key; #证书私钥文件路径 ssl_session_timeout 5m; #5分钟session会话保持 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; location / { #跳转到实际应用 proxy_pass http://127.0.0.1:9999; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
7.在配置weixuehu.conf文件时要注意本身的配置文件路径问题
配置文件参数 说明 listen 443 SSL访问端口号为443 ssl on 启用SSL功能 ssl_certificate 证书文件 ssl_certificate_key 私钥文件 ssl_protocols 使用的协议 ssl_ciphers 配置加密套件,写法遵循openssl标准
8.启动nginx,若是没有错误信息则表示启动成功
service nginx start 或 service nginx restart
我在启动的时候报了如下错误(发现是个人加密文件放错位置了,别的问题也会报这个提示):
Redirecting to /bin/systemctl restart nginx.service Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
根据提示运行命令:
systemctl status nginx.service
报错信息
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2018-11-05 14:53:32 CST; 21s ago
Process: 5999 ExecStart=/usr/sbin/nginx (code=exited, status=1/FAILURE)
Process: 9023 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
Process: 9022 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Nov 05 14:53:32 VM_0_15_centos systemd[1]: Starting The nginx HTTP and reverse proxy server...
Nov 05 14:53:32 VM_0_15_centos nginx[9023]: nginx: [emerg] BIO_new_file("/etc/nginx/1_www.weixuehu.com_bundle.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fop...:no such file)
Nov 05 14:53:32 VM_0_15_centos nginx[9023]: nginx: configuration file /etc/nginx/nginx.conf test failed
Nov 05 14:53:32 VM_0_15_centos systemd[1]: nginx.service: control process exited, code=exited status=1
Nov 05 14:53:32 VM_0_15_centos systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Nov 05 14:53:32 VM_0_15_centos systemd[1]: Unit nginx.service entered failed state.
Nov 05 14:53:32 VM_0_15_centos systemd[1]: nginx.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
9.最后使用https访问一下是否成功