Nginx ssl配置

依赖模块--with-http_ssl_module

查看ngixn现有模块
/usr/local/nginx/sbin/nginx -V
如果缺少,需要对nginx进行重新配置和编译。

  1. 切换到源包
    cd /usr/local/nginx-1.9.9
  2. 重新配置
    ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
  3. 重新编译,不需要make install安装。否则会覆盖
    make
  4. 备份原有nginx
    cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
  5. 把源包objs下生成的新nginx覆盖掉原来的nginx。会提示是否覆盖,请输入yes,直接回车默认不覆盖。
    cp ./objs/nginx /usr/local/nginx/sbin/
  6. 启动nginx,查看nginx模块,发现已经添加
    /usr/local/nginx/sbin/nginx -V

ssl 具体配置实例

server {
        listen     80;
        server_name  xxx.com;
        rewrite ^(.*)$  https://$host$1 permanent;  // http 强转 https
    }


 server {
        listen       443 ssl;
        server_name  xxx.com;

        ssl_certificate      ssl/cert-1.crt;
        ssl_certificate_key  ssl/cert-1.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        
        location / {
            proxy_pass http://127.0.0.1:8080;  
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto https;   
            proxy_set_header Forwarded $remote_addr; 
            proxy_set_header X-Real-IP   $remote_addr;

            root  /home/xxx/WebContent;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root  /home/xxx/WebContent;
        }
       
    }  

你可能感兴趣的:(Nginx ssl配置)