• Nginx server之Nginx添加ssl支持


    //环境介绍

    1.nginx服务器:10.10.54.157

    2.配置nginx服务器,当监听到来自客户端www.zijian.com:80请求时,转到10.10.54.150:1500这个web服务器上

    3.配置nginx服务器支持ssl加密传输协议

    //生成nginx服务器需要的证书文件

    1.创建网站证书存放目录
    shell> mkdir /usr/local/nginx/conf/ssl
    shell> cd /usr/local/nginx/conf/ssl
    
    2.制作CA证书
    shell> openssl genrsa -des3 -out ca.key 2048
    shell> openssl req -new -x509 -days 7305 -key ca.key -out ca.crt
    
    3.生成nginx服务器所需证书,并用CA签名
    shell> openssl genrsa -des3 -out client.key 1024
    shell> openssl req -new -key client.key -out client.csr
    shell> openssl x509 -req -in client.csr -out client.pem -signkey client.key -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650
    
    4.查看证书文件
    shell> pwd
    /usr/local/nginx/conf/ssl
    shell> ls
    ca.crt  ca.key  ca.srl  client.csr  client.key  client.pem
    

      //配置nginx支持ssl传输协议

    shell> vim /usr/local/nginx/conf/nginx.conf
    ------------------------------------------------
    user  apache apache;
    worker_processes  2;
    error_log  logs/error_nginx.log;
    pid        logs/nginx.pid;
    events {
        worker_connections  1024;
    }
    
    http {
            include       mime.types;
            default_type  application/octet-stream;
            log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
            access_log  logs/access_nginx.log  main;
            sendfile        on;
            tcp_nopush      on;
            keepalive_timeout  65;
            gzip  on;
    
    server {
            listen       443;
            server_name  www.zijian.com;
             charset uft-8;
             access_log logs/www.access.log main;
             root /var/www/html;
             location / {
             index index.html index.htm;
              }
    
             ssl                  on;
             ssl_certificate      /usr/local/nginx/conf/ssl/client.pem;
             ssl_certificate_key  /usr/local/nginx/conf/ssl/client.key;
    
          }
    }
    --------------------------------------------------------
    
    #上面的配置只支持https://www.zijian.com 访问,因为监听端口只开了443端口,普通的http协议的80端口并未开放
    #要开放http和https,再加上下面这一条server
    ------------------------------------------------
    server {
            listen       80;
            server_name  www.zijian.com;
             charset uft-8;
             access_log logs/www.access.log main;
             root /var/www/html;
             location / {
             proxy_pass http://10.10.54.150:1500;
              }
          }
          
    #当用户使用http协议浏览该网站时,自动跳转到10.10.54.150:1500上
    ------------------------------------------------
    

      

  • 相关阅读:
    MySQLHA系列MHA(一)
    VS找不到约束
    Android开发被添加到桌面快捷方式
    Oracle查看和修改其最大的游标数
    Sde表结构分析
    SDE+ORACLE优化配置
    sqlplus常用命令
    ArcGIS 开发的一些知识学习点
    1.ireport基本使用
    java.net.ProtocolException: Exceeded stated content-length of: '13824' bytes
  • 原文地址:https://www.cnblogs.com/chjbbs/p/6802923.html
Copyright © 2020-2023  润新知