
Commit c9303d8

author
zhangchaohuang@banggood.com
committed
2017-08-24 增加 Nginx HTTPS 配置
1 parent 0c602a6 commit c9303d8


2 files changed

+102
-9
lines changed


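--- a/Nginx-Install-And-Settings.md
+++ b/Nginx-Install-And-Settings.md
@@ -72,6 +72,7 @@
 --http-proxy-temp-path=/var/temp/nginx/proxy \
 --http-fastcgi-temp-path=/var/temp/nginx/fastcgi \
 --http-uwsgi-temp-path=/var/temp/nginx/uwsgi \
+--with-http_ssl_module \
 --http-scgi-temp-path=/var/temp/nginx/scgi
 ```
 
@@ -433,6 +434,60 @@ http {
 }
 ```
 
+### 配置 HTTPS 服务(SSL 证书配置)
+
+- 免费申请 SSL 证书渠道
+- 教程:<https://www.wn789.com/4394.html>
+- SSL For Free:<https://www.sslforfree.com>
+- 一般你会下载下面两个文件:`certificate.crt``private.key`
+- 如果你需要把 crt 和 key 的证书转换成 keystore(如果你有这个需求的话)
+- 从 key 和 crt 生成 pkcs12 格式的 keystore,生成过程会让人你输入密码,这个密码下面会用到,我这里假设输入 123456
+- `openssl pkcs12 -export -in certificate.crt -inkey private.key -out youmeek.p12 -name youmeek -CAfile certificate.crt -caname -chain`
+- `keytool -importkeystore -v -srckeystore youmeek.p12 -srcstoretype pkcs12 -srcstorepass 123456 -destkeystore youmeek.keystore -deststoretype jks -deststorepass 123456`
+- 修改 nginx 配置文件,增加对 HTTPS 支持(下面的配置是基于默认安装 nginx 后的配置)
+- `vim /usr/local/nginx/conf/nginx.conf`
+
+
+```
+worker_processes 1;
+events {
+worker_connections 1024;
+}
+http {
+include mime.types;
+default_type application/octet-stream;
+sendfile on;
+keepalive_timeout 65;
+
+# 如果访问 http 也直接跳转到 https
+server {
+listen 80;
+server_name sso.youmeek.com;
+return 301 https://$server_name$request_uri;
+}
+
+# crt 和 key 文件的存放位置根据你自己存放位置进行修改
+server {
+listen 443;
+server_name sso.youmeek.com;
+ssl on;
+ssl_certificate /opt/ssl/certificate.crt;
+ssl_certificate_key /opt/ssl/private.key;
+location / {
+root html;
+index index.html index.htm;
+}
+error_page 500 502 503 504 /50x.html;
+location = /50x.html {
+root html;
+}
+}
+}
+
+```
+
+
+
 ### HTTP 服务,绑定多个域名
 
 - <https://www.ttlsa.com/nginx/use-nginx-proxy/>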

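--- a/favorite-file/shell/install_nginx.sh
+++ b/favorite-file/shell/install_nginx.sh
@@ -1,27 +1,65 @@
 #!/bin/sh
 
+
 echo "安装 nginx"
+echo "判断常见的文件夹是否存在"
+
+if [ ! -d "/opt/setups" ]; then
+mkdir /opt/setups
+fi
+
+if [ ! -d "/usr/program" ]; then
+mkdir /usr/program
+fi
+
+if [ ! -d "/usr/local/nginx" ]; then
+mkdir -p /usr/local/nginx
+fi
+
+if [ ! -d "/var/log/nginx" ]; then
+mkdir -p /var/log/nginx
+fi
+
+if [ ! -d "/var/temp/nginx" ]; then
+mkdir -p /var/temp/nginx
+fi
+
+if [ ! -d "/var/lock/nginx" ]; then
+mkdir -p /var/lock/nginx
+fi
+
+echo "下载 Nginx"
 
 cd /opt/setups
+wget http://nginx.org/download/nginx-1.12.1.tar.gz
 
-yum install -y gcc gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel
+if [ ! -f "/opt/setups/nginx-1.12.1.tar.gz" ]; then
+echo "Nginx 下载失败,结束脚本"
+exit 1
+fi
 
-mkdir -p /usr/local/nginx /var/log/nginx /var/temp/nginx /var/lock/nginx
+echo "Nginx 下载成功,开始解压 Nginx"
+tar -zxf nginx-1.12.1.tar.gz
 
-tar zxvf nginx-1.10.2.tar.gz
+if [ ! -d "/opt/setups/nginx-1.12.1" ]; then
+echo "Nginx 解压失败,结束脚本"
+exit 1
+fi
 
-cd nginx-1.10.2/
+echo "安装源码安装依赖"
+yum install -y gcc gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel
 
-./configure --prefix=/usr/local/nginx --pid-path=/var/local/nginx/nginx.pid --lock-path=/var/lock/nginx/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_gzip_static_module --http-client-body-temp-path=/var/temp/nginx/client --http-proxy-temp-path=/var/temp/nginx/proxy --http-fastcgi-temp-path=/var/temp/nginx/fastcgi --http-uwsgi-temp-path=/var/temp/nginx/uwsgi --http-scgi-temp-path=/var/temp/nginx/scgi
+echo "开始安装 Nginx"
+cd nginx-1.12.1/
 
+./configure --prefix=/usr/local/nginx --pid-path=/var/local/nginx/nginx.pid --lock-path=/var/lock/nginx/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_gzip_static_module --http-client-body-temp-path=/var/temp/nginx/client --http-proxy-temp-path=/var/temp/nginx/proxy --http-fastcgi-temp-path=/var/temp/nginx/fastcgi --http-uwsgi-temp-path=/var/temp/nginx/uwsgi --with-http_ssl_module --http-scgi-temp-path=/var/temp/nginx/scgi
 make
-
 make install
 
+echo "防火墙放行 80 端口"
 iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-
 service iptables save
-
 service iptables restart
 
-echo "完成安装 nginx,把端口加到防火墙中"
+echo "启动 Nginx"
+/usr/local/nginx/sbin/nginx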
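Review bot: The tarball fetched by `wget http://nginx.org/download/nginx-1.12.1.tar.gz` is compiled and installed without any integrity check, and it travels over plain HTTP; the script presumably runs as root, given the yum and iptables calls. The `[ ! -f "/opt/setups/nginx-1.12.1.tar.gz" ]` test only proves that a file with that name exists, so a tampered, truncated or stale archive left by an earlier run passes it. Fetch over HTTPS and verify before `tar`, e.g. `wget https://nginx.org/download/nginx-1.12.1.tar.gz` followed by `echo "<EXPECTED_SHA256>  nginx-1.12.1.tar.gz" | sha256sum -c - || exit 1`, with the digest pinned from a trusted source (or check the PGP signature nginx.org publishes for the release). Separately, the build now adds `--with-http_ssl_module` but the firewall step still opens only port 80, so an HTTPS listener on 443 would not be reachable until a matching rule is added.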
