nginx配置与使用

原创

Miracle2020 2021-12-08 19:36:52 博主文章分类：Nginx ©著作权

©著作权归作者所有：来自51CTO博客作者Miracle2020的原创作品，请联系作者获取转载授权，否则将追究法律责任

1.配置虚拟主机，实现强制https跳转访问www.x.com(x.com为自己定义的域名）第一步：制作自签名证书

#自签名ca证书
[root@node01 certs]# openssl req -newkey ras:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt

#自制key和csr文件
[root@node01 certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.test.com.key -out www.test.com.csr
[root@node01 certs]# ll
total 16
-rw-r--r-- 1 root root 1960 Dec 24 16:13 ca.crt
-rw-r--r-- 1 root root 3272 Dec 24 16:13 ca.key
-rw-r--r-- 1 root root 1732 Dec 24 16:20 www.test.com.csr
-rw-r--r-- 1 root root 3268 Dec 24 16:20 www.test.com.key

#签发证书
[root@node01 certs]# openssl x509 -req -days 3650 -in www.test.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.test.com.crt
[root@node01 certs]# ll
total 24
-rw-r--r-- 1 root root 1960 Dec 24 16:13 ca.crt
-rw-r--r-- 1 root root 3272 Dec 24 16:13 ca.key
-rw-r--r-- 1 root root   17 Dec 24 16:21 ca.srl
-rw-r--r-- 1 root root 1842 Dec 24 16:21 www.test.com.crt
-rw-r--r-- 1 root root 1732 Dec 24 16:20 www.test.com.csr
-rw-r--r-- 1 root root 3268 Dec 24 16:20 www.test.com.key


#验证证书内容
[root@node01 certs]# openssl x509 -in www.test.com.crt -noout -text

第二步：修改nginx.conf配置文件，并重启服务

[root@node01 certs]# vim ../conf/nginx.conf
server {
        listen       80;
        listen       443 ssl;
	server_name  www.test.com;
        ssl_certificate     /apps/nginx/certs/$ssl_server_name.crt;
        ssl_certificate_key /apps/nginx/certs/$ssl_server_name.key;
	ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
	    if ($scheme = http ) {
            rewrite / https://www.test.com permanent;
            }	    
        }

        #error_page  404              /404.html;
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

[root@node01 certs]# systemctl daemon-reload 
[root@node01 certs]# systemctl restart nginx

效果图展示：