Pitfalls encountered when configuring an SSL certificate for nginx on a Linux server

1. Check the nginx version information

$ sudo /usr/local/nginx/sbin/nginx -V
[sudo] password for ericze:
nginx version: nginx/1.7.4
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
TLS SNI support enabled
configure arguments: --with-http_ssl_module

2. Configure nginx.conf, and put the downloaded certificate files in the /usr/local/nginx/conf/cert folder

$ cd /usr/local/nginx/conf/
$ sudo vi nginx.conf

Put the following code under #HTTPS server

server {
    listen 8443 ssl;
    server_name your-own-domain;  # replace this text with your own domain

    root    /usr/local/dist;
    index index.html;

    ssl_certificate  cert/your-certificate-name.pem;
    ssl_certificate_key  cert/your-certificate-name.key;

    #ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout 5m;

    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them if no legacy clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;


        location / {
           root    /usr/local/dist;
           try_files $uri $uri/ /index.html;
           index  index.html;
        }

        location @router {
             rewrite ^.*$ /index.html last;
        }
        location /api {
                proxy_set_header   Host             $host;
                proxy_set_header   x-forwarded-for  $remote_addr;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_pass http://backend-server-ip:port/;  # replace with your backend server's IP and port
        }

 }

3. Check that the configuration file is correct and reload nginx

$ cd ../
$ cd sbin/
$ sudo ./nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
$ sudo ./nginx -s reload

4. SSL configuration error: nginx: [emerg] unknown directive "ssl"

In the directory where the nginx source was unpacked, run ./configure --with-http_ssl_module

$ cd /usr/local/nginx-1.7.4/
$ sudo ./configure --with-http_ssl_module

Run make (be sure not to run make install, which would overwrite the installation directory)

$ sudo make

Back up the original nginx binary, then copy the newly built one into place

$ sudo cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
$ sudo cp objs/nginx /usr/local/nginx/sbin/nginx

If that reports an error, run

$ sudo cp -rfp objs/nginx /usr/local/nginx/sbin/nginx

5. Check whether port 443 is open

$ sudo netstat -lanp

6. Fix for Linux being unable to open port 443: the cause is that a non-root user on Linux cannot open ports below 1024

$ sudo /sbin/iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
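
The pitfalls in steps 2, 4 and 6 can be checked before reloading nginx. The script below is an added example, not part of the original post; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the
# pitfalls above. Each function reads text on stdin, so it runs without nginx.

# Step 4: succeeds if `nginx -V` output shows the SSL module was compiled in.
has_ssl_module() {
    grep -q -- '--with-http_ssl_module'
}

# Step 2: prints protocols on active ssl_protocols lines that are obsolete
# (SSLv2/SSLv3, and TLS 1.0/1.1 which RFC 8996 deprecates).
legacy_protocols() {
    sed 's/#.*//' | awk '
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                    out = out (out == "" ? "" : " ") p
            }
        }
        END { if (out != "") print out }'
}

# Step 6: prints listen ports below 1024, which the page notes a non-root
# user cannot open (hence 8443 plus the iptables redirect).
privileged_listen_ports() {
    sed 's/#.*//' | awk '
        $1 == "listen" {
            p = $2; sub(/;$/, "", p); sub(/^.*:/, "", p)
            if (p ~ /^[0-9]+$/ && p + 0 < 1024) print p
        }'
}

# Constructed sample inputs modelled on the page's output and server block.
SAMPLE_V='nginx version: nginx/1.7.4
configure arguments: --with-http_ssl_module'
SAMPLE_CONF='server {
    listen 8443 ssl;
    #ssl_protocols SSLv3;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}'

# Real use: nginx -V 2>&1 | has_ssl_module; legacy_protocols < nginx.conf
if printf '%s\n' "$SAMPLE_V" | has_ssl_module; then
    echo "ssl module: present"
fi
echo "legacy protocols: $(printf '%s\n' "$SAMPLE_CONF" | legacy_protocols)"
echo "privileged ports: $(printf '%s\n' "$SAMPLE_CONF" | privileged_listen_ports)"
```

nginx -V writes to stderr, so redirect it with 2>&1 when piping into has_ssl_module.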
