编译安装nginx,实现多域名 https


[root@centos8 ~]#yum -y install gcc pcre-devel openssl-devel zlib-devel
[root@centos8 ~]#useradd -s /sbin/nologin nginx
[root@centos8 ~]#cd /usr/local/src/
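#注意:这里通过明文 HTTP 下载源码包且没有做任何校验,传输途中被篡改也无法发现;建议改用 https://nginx.org/download/ 下载,并用官方随包提供的 PGP 签名(.asc)验证后再编译
[root@centos8 src]#wget http://nginx.org/download/nginx-1.18.0.tar.gz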
[root@centos8 src]#tar xf nginx-1.18.0.tar.gz
[root@centos8 src]#cd nginx-1.18.0/
[root@centos8 nginx-1.18.0]#./configure --prefix=/apps/nginx \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre \
--with-stream \
--with-stream_ssl_module \
[root@centos8 nginx-1.18.0]#make && make install
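#注意:下面的命令把整个 /apps/nginx(包括 sbin 下的可执行文件和 conf 下的配置)都交给 worker 运行用户 nginx 所有,worker 进程一旦被攻破,就能改写由 root 启动的 master 程序和配置;程序与配置文件保持 root 所有更安全
[root@centos8 nginx-1.18.0]#chown -R nginx.nginx /apps/nginx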
[root@centos8 nginx-1.18.0]#ll /apps/nginx/
total 0
drwxr-xr-x 2 nginx nginx 333 Nov 23 18:36 conf
drwxr-xr-x 2 nginx nginx 40 Nov 23 18:36 html
drwxr-xr-x 2 nginx nginx 6 Nov 23 18:36 logs
drwxr-xr-x 2 nginx nginx 19 Nov 23 18:36 sbin
[root@centos8 nginx-1.18.0]#ln -s /apps/nginx/sbin/nginx /usr/sbin/
[root@centos8 nginx-1.18.0]#vim /usr/lib/systemd/system/nginx.service
Description=nginx - high performance web server
After=network-online.target remote-fs.target nss-lookup.target
ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID

[root@centos8 nginx-1.18.0]#mkdir /apps/nginx/run/
[root@centos8 nginx-1.18.0]#vim /apps/nginx/conf/nginx.conf
pid   /apps/nginx/run/nginx.pid;
[root@centos8 nginx-1.18.0]#systemctl daemon-reload
[root@centos8 nginx-1.18.0]#systemctl enable --now nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@centos8 nginx-1.18.0]#systemctl status nginx
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2021-11-23 18:54:29 CST; 2min 3s ago
Docs: http://nginx.org/en/docs/
Process: 39773 ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf (code=exi>
Main PID: 39774 (nginx)
Tasks: 2 (limit: 50407)
Memory: 2.1M
CGroup: /system.slice/nginx.service
├─39774 nginx: master process /apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.>
└─39775 nginx: worker process
Nov 23 18:54:29 centos8.magedu.org systemd[1]: Starting nginx - high performance web serve>
Nov 23 18:54:29 centos8.magedu.org systemd[1]: Started nginx - high performance web server.

#实现多域名 https
Nginx 支持在单个 IP 上配置多个域名,并且可以在单 IP 多域名的基础上实现 HTTPS,这是基于 Nginx 的 SNI(Server Name Indication)功能实现的。SNI 用于解决一台 Nginx 服务器使用同一个 IP 绑定多个域名和证书的问题:客户端在与服务器建立 SSL 连接的握手阶段,先发送要访问站点的域名(Hostname),服务器再根据这个域名返回给客户端一个合适的证书。注意:SNI 中的域名在握手时是以明文发送的。
[root@centos8 ~]#mkdir /apps/nginx/certs/
[root@centos8 ~]#cd /apps/nginx/certs/
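#注意:-nodes 表示私钥不加密保存;这里的 CA 私钥 ca.key 与站点私钥放在同一台 Web 服务器的目录下,仅适合实验环境。生产环境应将 CA 私钥加密并离线保存,服务器上只保留站点证书和站点私钥,且私钥文件仅 root 可读
[root@centos8 certs]#openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt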
Generating a RSA private key
writing new private key to 'ca.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:CN #国家代码
State or Province Name (full name) []:Hubei #省份
Locality Name (eg, city) [Default City]:Hubei #城市名称
Organization Name (eg, company) [Default Company Ltd]:abc.com#公司名称
Organizational Unit Name (eg, section) []:abc #部门
Common Name (eg, your name or your server's hostname) []:ca.abc.com #通用名称
Email Address []: #邮箱

[root@centos8 certs]#openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.abc.com.key -out www.abc.com.csr
Generating a RSA private key
writing new private key to 'www.abc.com.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Hubei
Locality Name (eg, city) [Default City]:Hubei
Organization Name (eg, company) [Default Company Ltd]:abc.com
Organizational Unit Name (eg, section) []:abc
Common Name (eg, your name or your server's hostname) []:www.abc.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

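#注意:该命令没有指定 -extfile,签出的是 X.509 v1 证书(见下面输出中的 Version: 1),不含 subjectAltName;现代浏览器只按 SAN 校验域名,会拒绝这种证书。实际使用时应通过 -extfile 写入 subjectAltName=DNS:www.abc.com,并缩短证书有效期
[root@centos8 certs]#openssl x509 -req -days 3650 -in www.abc.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.abc.com.crt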
Signature ok
subject=C = CN, ST = Hubei, L = Hubei, O = abc.com, OU = abc, CN = www.abc.com
Getting CA Private Key

[root@centos8 certs]#openssl x509 -in www.abc.com.crt -noout -text
Version: 1 (0x0)
Serial Number:
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = CN, ST = Hubei, L = Hubei, O = abc.com, OU = abc, CN = ca.abc.com
Not Before: Nov 23 11:19:04 2021 GMT
Not After : Nov 21 11:19:04 2031 GMT
Subject: C = CN, ST = Hubei, L = Hubei, O = abc.com, OU = abc, CN = www.abc.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
[root@centos8 certs]#cat www.abc.com.crt ca.crt > www.abc.com.pem

#Nginx 配置
[root@centos8 certs]#vim /apps/nginx/conf/nginx.conf
include /apps/nginx/conf/conf.d/*.conf;

[root@centos8 certs]#mkdir /apps/nginx/conf/conf.d
[root@centos8 certs]#vim /apps/nginx/conf/conf.d/mobile.conf
server {
listen 80 default_server;
server_name www.abc.com;
rewrite ^(.*)$ https://$server_name$1 permanent;
server {
listen 443 ssl;
server_name www.abc.com;
ssl_certificate /apps/nginx/certs/www.abc.com.pem;
ssl_certificate_key /apps/nginx/certs/www.abc.com.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
location / {
root "/data/nginx/html/mobile";
location /mobile_status {

[root@centos8 certs]#nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful

[root@centos8 certs]#mkdir -pv /data/nginx/html/mobile
mkdir: created directory '/data'
mkdir: created directory '/data/nginx'
mkdir: created directory '/data/nginx/html'
mkdir: created directory '/data/nginx/html/mobile'
[root@centos8 certs]#vim /data/nginx/html/mobile/index.html
<!doctype html>
<html lang="en">
<meta charset="UTF-8" />

<style type="text/css">
background-color: red;
margin: 0;
float: right;
color: yellow;


[root@centos8 certs]#nginx -s reload

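#注意:把自建 CA 追加进系统信任库后,本机所有程序都会信任该 CA 签发的任何证书;而且 CentOS 上 ca-bundle.crt 由 update-ca-trust 生成,手工追加的内容会在信任库更新时被覆盖。仅做测试可以用 curl --cacert ca.crt https://www.abc.com;确需全局信任时,应把 ca.crt 放到 /etc/pki/ca-trust/source/anchors/ 后执行 update-ca-trust
[root@centos8 certs]#cat ca.crt >> /etc/pki/tls/certs/ca-bundle.crt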

[root@centos8 certs]#curl https://www.abc.com
<!doctype html>
<html lang="en">
<meta charset="UTF-8" />

<style type="text/css">
background-color: red;
margin: 0;
float: right;
color: yellow;


[root@centos8 certs]#curl http://www.abc.com
<head><title>301 Moved Permanently</title></head>
<center><h1>301 Moved Permanently</h1></center>

[root@centos8 certs]#curl -L http://www.abc.com
<!doctype html>
<html lang="en">
<meta charset="UTF-8" />

<style type="text/css">
background-color: red;
margin: 0;
float: right;
color: yellow;

