编译Nginx, 并使用自签证书实现https访问

1. 编译安装nginx1.8.1

[root@centos7 nginx-1.8.1]# ./configure --prefix=/usr/local/nginx.1.8.1 --with-http_stub_status_module --with-http_ssl_module
[root@centos7 nginx-1.8.1]# make && make install
[root@centos7 nginx-1.8.1]# export PATH=$PATH:/usr/local/nginx.1.8.1/sbin
[root@centos7 ~]# echo "export PATH=$PATH:/usr/local/nginx.1.8.1/sbin" > /etc/profile.d/nginx.sh 
[root@centos7 ~]# grep nginx /etc/man_db.conf 
MANPATH_MAP /usr/local/nginx.1.8.1/sbin	/usr/local/nginx.1.8.1/man
[root@centos7 ~]# mkdir -p /usr/local/nginx.1.8.1/man/man8/
[root@centos7 ~]# cp /home/Allen/nginx-1.8.1/man/nginx.8 /usr/local/nginx.1.8.1/man/man8/

2. nginx加入systemd管理

[root@centos7 nginx-1.8.1]# vim /etc/systemd/system/nginx.service
[Unit]
Description=nginx server daemon
Documentation=man:nginx(8)
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/nginx.1.8.1/sbin/nginx
ExecReload=/usr/local/nginx.1.8.1/sbin/nginx -s reload
ExecStop=/usr/local/nginx.1.8.1/sbin/nginx -s quit
#PrivateTmp=true

[Install]
WantedBy=multi-user.target

[root@centos7 nginx-1.8.1]# systemctl daemon-reload

3. 证书自签名

[root@centos7 ~]# vim req.cnf
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = EN
ST = Beijing
L = Beijing
O = jzbg
OU = Ops
CN = www.jzbg.com
[v3_req]
keyUsage = critical, digitalSignature, keyAgreement
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = www.jzbg.com

[root@centos7 ~]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /usr/local/nginx.1.8.1/ssl/private.key -out /usr/local/nginx.1.8.1/ssl/nginx.crt -config req.cnf -sha256

4. 配置nginx

[root@centos7 ~]# vim /usr/local/nginx.1.8.1/conf/nginx.conf
server {
    listen       19972 ssl;
    server_name  www.jzbg.com;

    ssl on;
    ssl_certificate      /usr/local/nginx.1.8.1/ssl/nginx.crt;
    ssl_certificate_key  /usr/local/nginx.1.8.1/ssl/private.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    location / {
        root   html;
        error_page   500 502 503 504  /50x.html;
        index  index.html index.htm;
    }
}

5. 启动nginx

[root@centos7 nginx-1.8.1]# systemctl start nginx
[root@centos7 nginx-1.8.1]# ss -ant | grep 19972
LISTEN     0      128          *:19972                    *:*                  

此时访问会出现如下问题

6. 在Windows中导入证书

7. 测试效果

正常访问,不报证书错误

posted @   虚拟一点  阅读(663)  评论(0编辑  收藏  举报
编辑推荐:
· 一个奇形怪状的面试题:Bean中的CHM要不要加volatile?
· [.NET]调用本地 Deepseek 模型
· 一个费力不讨好的项目,让我损失了近一半的绩效!
· .NET Core 托管堆内存泄露/CPU异常的常见思路
· PostgreSQL 和 SQL Server 在统计信息维护中的关键差异
阅读排行:
· CSnakes vs Python.NET:高效嵌入与灵活互通的跨语言方案对比
· DeepSeek “源神”启动!「GitHub 热点速览」
· 我与微信审核的“相爱相杀”看个人小程序副业
· Plotly.NET 一个为 .NET 打造的强大开源交互式图表库
· 上周热点回顾(2.17-2.23)
本文目录
1. 编译安装nginx1.8.12. nginx加入systemd管理3. 证书自签名4. 配置nginx5. 启动nginx6. 在Windows中导入证书7. 测试效果
点击右上角即可分享
微信分享提示