
ssl + nginx + tomcat 部署方案

安装make

# Install the C compiler and the autotools/make build chain used by the source
# builds that follow (run as root; -y answers yum's confirmation prompt).
yum -y install gcc automake autoconf libtool make

安装g++

# Add the C++ compiler (gcc-c++); gcc itself is already covered by the previous
# install command. Without -y, yum asks for confirmation before installing.
yum install gcc gcc-c++

安装PCRE

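# Build and install PCRE 8.34 from source (run as root).
#
# The steps are chained with && so that a failed cd, download or unpack stops
# the sequence instead of configuring and installing from a stale or partial
# tree.
#
# The archive is fetched over plain FTP, which gives no integrity protection,
# and the result is compiled and installed as root. sha256sum prints the digest
# of the downloaded file: compare it with the value published by the PCRE
# project (or verify the release signature) before continuing.
cd /usr/local/src &&
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.34.tar.gz &&
sha256sum pcre-8.34.tar.gz &&
tar -zxvf pcre-8.34.tar.gz &&
cd pcre-8.34 &&
./configure &&
make &&
make install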

安装zlib

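# Build and install zlib 1.2.8 from source (run as root).
#
# The steps are chained with && so that a failed cd, download or unpack stops
# the sequence instead of building whatever happens to be in the directory.
#
# The download uses HTTPS instead of plain HTTP, but transport security alone
# does not prove the archive is the one the project released: compare the
# digest printed by sha256sum with the value published by the zlib project
# before building and installing it as root.
cd /usr/local/src &&
wget https://zlib.net/zlib-1.2.8.tar.gz &&
sha256sum zlib-1.2.8.tar.gz &&
tar -zxvf zlib-1.2.8.tar.gz &&
cd zlib-1.2.8 &&
./configure &&
make &&
make install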

安装ssl

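# Fetch and unpack the OpenSSL source tree. It is not built here: the nginx
# ./configure step compiles it through --with-openssl=<source dir>.
#
# NOTE(review): openssl-1.0.1c is an early release of the end-of-life 1.0.1
# series and predates many published security fixes (the Heartbleed heartbeat
# bug among them). For any host reachable from a network, substitute a
# currently supported OpenSSL release here and in the --with-openssl path.
#
# The download uses HTTPS instead of plain HTTP; still compare the digest
# printed by sha256sum with the value published by the OpenSSL project (or
# verify the release signature) before using the sources.
cd /usr/local/src &&
wget https://www.openssl.org/source/openssl-1.0.1c.tar.gz &&
sha256sum openssl-1.0.1c.tar.gz &&
tar -zxvf openssl-1.0.1c.tar.gz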

安装nginx

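# Build and install nginx 1.4.2 with the HTTP SSL module (run as root).
#
# The steps are chained with && so that a failed download, unpack or configure
# stops the sequence. The original listing had "make make install" folded into
# a trailing comment line, so following it verbatim never built anything; both
# commands are restored below.
#
# --with-pcre, --with-zlib and --with-openssl take the path of the unpacked
# *source* tree of each library (here under /usr/local/src), not an install
# prefix. nginx compiles these sources into its own binary, so later OS package
# updates do not patch them: pick up library security fixes by rebuilding nginx
# against newer sources.
#
# NOTE(review): the versions pinned here are those of the original write-up;
# use currently supported nginx and library releases for anything exposed to a
# network, and compare the digest printed by sha256sum with the one published
# by the nginx project before building.
cd /usr/local/src &&
wget https://nginx.org/download/nginx-1.4.2.tar.gz &&
sha256sum nginx-1.4.2.tar.gz &&
tar -zxvf nginx-1.4.2.tar.gz &&
cd nginx-1.4.2 &&
./configure --sbin-path=/usr/local/nginx/nginx \
  --conf-path=/usr/local/nginx/nginx.conf \
  --pid-path=/usr/local/nginx/nginx.pid \
  --with-http_ssl_module \
  --with-pcre=/usr/local/src/pcre-8.34 \
  --with-zlib=/usr/local/src/zlib-1.2.8 \
  --with-openssl=/usr/local/src/openssl-1.0.1c &&
make &&
make install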

安装成功后 自动生成nginx目录

/usr/local/nginx

启动nginx

# Start nginx. The binary sits at the --sbin-path given to ./configure and
# reads the configuration file set by --conf-path (/usr/local/nginx/nginx.conf).
/usr/local/nginx/nginx

关闭nginx

/usr/local/nginx/stop_nginx

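#!/bin/bash
# stop_nginx: shut nginx down through its own control interface.
#
# "nginx -s quit" signals the master process recorded in the pid file
# (--pid-path at build time: /usr/local/nginx/nginx.pid) and lets the workers
# finish in-flight requests before exiting.
#
# This replaces "kill -9" on every PID whose command line contains "nginx".
# Run as root, that pattern also matches unrelated processes (an editor open on
# nginx.conf, or this script itself, whose path contains "nginx"), and SIGKILL
# gives nginx no chance to close connections or remove its pid file.
#
# Exit status: that of the nginx command (non-zero if nginx is not running or
# the pid file cannot be read).
/usr/local/nginx/nginx -s quit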

验证效果

打开浏览器访问此机器的 IP,如果浏览器出现 Welcome to nginx! 则表示 Nginx 已经安装并运行成功。

通过https访问

安装openssl和openssl-devel

# NOTE(review): the leading '#' on the two lines below is the root prompt of the
# original listing, not a comment marker. These packages supply the openssl
# command-line tool used for the certificate steps. nginx itself was built
# against the OpenSSL source tree passed to --with-openssl, so installing or
# updating these packages does not change the TLS library inside the nginx
# binary.
#yum install openssl
#yum install openssl-devel

颁发证书

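# Create a private key and a self-signed certificate for nginx (run as root).
# The original listing collapsed these commands onto one line, each prefixed
# with the '#' root prompt; they are restored here one per line.
#
# Changes from the original listing:
#   - RSA key size raised from 1024 to 2048 bits; 1024-bit RSA is no longer
#     considered adequate.
#   - The certificate is signed with SHA-256 (-sha256) rather than the tool's
#     default digest.
#   - The directory and key files are restricted to root, because
#     server_nopwd.key is an unencrypted private key.
#
# server.key is passphrase-protected (-des3); server_nopwd.key is the same key
# with the passphrase removed, which is the file nginx can load without
# prompting at startup. The certificate is self-signed (-signkey), so browsers
# will warn about it: suitable for testing, not for a public site.
mkdir -p /usr/local/nginx/ssl &&
chmod 700 /usr/local/nginx/ssl &&
cd /usr/local/nginx/ssl &&
openssl genrsa -des3 -out server.key 2048 &&
openssl req -new -key server.key -out server.csr &&
openssl rsa -in server.key -out server_nopwd.key &&
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server_nopwd.key -out server.crt &&
chmod 600 server.key server_nopwd.key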

配置nginx.conf

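 server {
        #listen       80;
        # Enable TLS on the listening socket itself (replaces the separate
        # "ssl on;" directive of the original listing).
        listen 443 ssl;
        server_name  localhost;
        #charset koi8-r;
        #access_log  logs/host.access.log  main;
        # Certificate and key as generated in /usr/local/nginx/ssl by the
        # openssl steps of this guide. The key must be the passphrase-free
        # server_nopwd.key: server.key is encrypted with -des3, and the
        # certificate was signed with server_nopwd.key.
        ssl_certificate /usr/local/nginx/ssl/server.crt;
        ssl_certificate_key /usr/local/nginx/ssl/server_nopwd.key;
        ssl_session_timeout 5m;
        # SSLv2 and SSLv3 are broken protocols and TLSv1 is deprecated, so only
        # TLSv1.2 is offered. Add TLSv1.3 when the nginx/OpenSSL build in use
        # supports it.
        ssl_protocols TLSv1.2;
        # The original cipher string re-enabled LOW, export-grade (EXP), RC4 and
        # SSLv2 suites. Restrict the list to strong suites and exclude
        # anonymous, NULL, MD5, 3DES and RC4 ciphers.
        ssl_ciphers HIGH:!aNULL:!eNULL:!MD5:!3DES:!RC4;
        ssl_prefer_server_ciphers on;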

重启nginx

注:如果出现“[emerg] 10464#0: unknown directive "ssl" in /usr/local/nginx-0.6.32/conf/nginx.conf:74”则说明没有将ssl模块编译进nginx,在configure的时候加上“--with-http_ssl_module”

posted @ 2015-12-24 10:56  CTO老王