Nginx服务器配置Https证书

Nginx服务器配置Https证书

1.Nginx安装ssl模块

nginx默认是没有安装ssl模块的。

[root@localhost nginx-1.20.0]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.20.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
configure arguments:
[root@localhost nginx-1.20.0]#

安装ssl模块前,请备份好nginx相关文件,默认安装目录是/usr/local/nginx,备份该文件夹。
进入到你的解压缩后的nginx目录,注意这里不是nginx安装目录,是解压缩后的目录

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

1.2.重新make

接下来执行

make
#切记不要执行make install,否则会重新安装nginx

1.3.覆盖旧的nginx可执行文件

上述操作执行完成以后,你的目录下会出现objs文件夹,文件夹内存在nginx可执行文件
Nginx服务器配置Https证书_第1张图片

[root@localhost objs]# cp nginx /usr/local/nginx/sbin
cp: overwrite ‘/usr/local/nginx/sbin/nginx’? y

1.4.验证是否安装ssl成功

[root@localhost objs]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.20.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
[root@localhost objs]#

ssl模块安装成功。

2.生成ssl证书

证书可以去阿里云申请免费的证书。我这里演示下如何在本地生成ssl证书。

[root@localhost stage]# openssl req -new -x509 -nodes -out server.crt -keyout server.key
Generating a 2048 bit RSA private key
................................................................................................+++
......................................................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CH
State or Province Name (full name) []:HN
Locality Name (eg, city) [Default City]:CS
Organization Name (eg, company) [Default Company Ltd]:HHXD
Organizational Unit Name (eg, section) []:HHXD
Common Name (eg, your name or your server's hostname) []:dbmgr
Email Address []:[email protected]
[root@localhost stage]# ll
total 101328
-rw-r--r--. 1 root root     1383 Jan 18 22:08 server.crt
-rw-r--r--. 1 root root     1704 Jan 18 22:08 server.key
[root@localhost stage]#


3.配置证书

修改nginx.conf配置文件
Nginx服务器配置Https证书_第2张图片
重新加载配置文件完成配置

sbin/nginx -s reload

Nginx服务器配置Https证书_第3张图片

你可能感兴趣的:(运维,nginx,https,服务器)