ssl + nginx + tomcat 部署方案
安装make
yum -y install gcc automake autoconf libtool make
安装g++
yum install gcc gcc-c++
安装PCRE
cd /usr/local/src wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.34.tar.gz tar -zxvf pcre-8.34.tar.gz cd pcre-8.34 ./configure make make install
安装zlib
cd /usr/local/src wget http://zlib.net/zlib-1.2.8.tar.gz tar -zxvf zlib-1.2.8.tar.gz cd zlib-1.2.8 ./configure make make install
安装ssl
cd /usr/local/src wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz tar -zxvf openssl-1.0.1c.tar.gz
安装nginx
cd /usr/local/src wget http://nginx.org/download/nginx-1.4.2.tar.gz tar -zxvf nginx-1.4.2.tar.gz cd nginx-1.4.2 ./configure --sbin-path=/usr/local/nginx/nginx \ --conf-path=/usr/local/nginx/nginx.conf \ --pid-path=/usr/local/nginx/nginx.pid \ --with-http_ssl_module \ --with-pcre=/usr/local/src/pcre-8.34 \ --with-zlib=/usr/local/src/zlib-1.2.8 \ --with-openssl=/usr/local/src/openssl-1.0.1c
#--with-pcre=/usr/src/pcre-8.34 指的是pcre-8.34 的源码路径。
#--with-zlib=/usr/src/zlib-1.2.7 指的是zlib-1.2.7 的源码路径。 make make install
安装成功后 自动生成nginx目录
/usr/local/nginx
启动nginx
/usr/local/nginx/nginx
关闭nginx
/usr/local/nginx/stop_nginx #!/bin/bash kill -9 $(ps -ef | grep nginx | grep -v grep | awk '{print $2}')
验证效果
打开浏览器访问此机器的 IP,如果浏览器出现 Welcome to nginx! 则表示 Nginx 已经安装并运行成功。
通过https访问
安装openssl和openssl-devel
#yum install openssl
#yum install openssl-devel
颁发证书
#mkdir /usr/local/nginx/ssl
#cd /usr/local/nginx/ssl #openssl genrsa -des3 -out server.key 1024 #openssl req -new -key server.key -out server.csr #openssl rsa -in server.key -out server_nopwd.key #openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt
配置nginx.conf
server { #listen 80; listen 443; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; ssl on; ssl_certificate /usr/local/nginx/conf/server.crt; ssl_certificate_key /usr/local/nginx/conf/server.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on;
重启nginx
注:如果出现“[emerg] 10464#0: unknown directive "ssl" in /usr/local/nginx-0.6.32/conf/nginx.conf:74”则说明没有将ssl模块编译进nginx,在configure的时候加上“--with-http_ssl_module”
技术微信群:
加微信:wonter 发送:技术Q
医疗微信群:
加微信:wonter 发送:医疗Q
更多文章关注公众号:
加微信:wonter 发送:技术Q
医疗微信群:
加微信:wonter 发送:医疗Q
更多文章关注公众号: