nginx配置https服务
环境:centos7.6
1、查看nginx是否支持ssl
[root@tool-19 ~]# /usr/local/nginx/sbin/nginx -V nginx version: nginx/1.18.0 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module #有ssl表示支持,没有需要重新编译安装
2、带ssl模块方式安装nginx
wget http://nginx.org/download/nginx-1.9.9.tar.gz tar -zxvf nginx-1.9.9.tar.gz cd nginx-1.9.9 ./configure --prefix=/usr/local/nginx --with-http_ssl_module make make install
3、修改配置文件
worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; #app后端服务 upstream app{ server 192.168.10.10; }
#app2后端服务
upstream app2{
server 192.168.10.11;
}
# HTTPS server # server { listen 443 ssl; server_name www.yuming.com; #ssl域名 ssl_certificate /usr/local/nginx/ssl_key/4196440_ezc.chinapopin.com.pem; #ssl的pem证书路径 ssl_certificate_key /usr/local/nginx/ssl_key/4196440_ezc.chinapopin.com.key; #ssl的key证书路径 ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://app; #对应app服务 } location /app2 { proxy_pass http://app2; #对应app2服务 } } }
4、配置服务并启动
[root@localhost ]# cat << EOF > /lib/systemd/system/nginx.service #创建Nginx服务系统启动文件 [Unit] Description=nginx After=network.target [Service] Type=forking ExecStart=/usr/local/nginx/sbin/nginx ExecReload=/usr/local/nginx/sbin/nginx -s reload ExecStop=/usr/local/nginx/sbin/nginx -s quit PrivateTmp=true [Install] WantedBy=multi-user.target EOF systemctl daemon-reload && systemctl start nginx && \ systemctl enable nginx && systemctl status nginx
5、验证
ie浏览器 https://www.yuming.com --返回192.168.1.10 的网站 https://www.yuming.com/app2 --返回192.168.1.11 的网站
做一个决定,并不难,难的是付诸行动,并且坚持到底。