Nginx配置多个证书


一、安装

1、创建用户

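# Create a dedicated group and an unprivileged account for the nginx worker
# processes (the nginx build below is configured with --user=www --group=www).
/usr/sbin/groupadd www
# -s /sbin/nologin: the account only runs a daemon, so it gets no login shell.
# -M: do not create a home directory for it.
/usr/sbin/useradd -g www -s /sbin/nologin -M www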

2、安装pcre

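# Unpack and build PCRE from source. Before extracting, verify the archive
# against the checksum or signature published by the PCRE project.
tar zxvf pcre-7.9.tar.gz
# Chain the steps with && so a failed step stops the build instead of
# installing a partial result.
cd pcre-7.9/ && ./configure && make && make install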
3、安装openssl
# Install the OpenSSL development package from the distribution's repositories.
yum install openssl-devel
4、安装nginx (openssl-1.0.1c 是openssl的源码文件)
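# Unpack and build nginx with the SSL module, compiling OpenSSL from the source
# tree in ../openssl-1.0.1c (a sibling directory of nginx-0.7.61/).
# After installation, `nginx -V` should report "TLS SNI support enabled".
# NOTE(review): nginx 0.7.61 and OpenSSL 1.0.1c are long past end of support
# and have publicly known vulnerabilities; for any host reachable from a
# network, build the currently supported releases instead and verify the
# downloaded archives against the publishers' signatures.
tar zxvf nginx-0.7.61.tar.gz
cd nginx-0.7.61/ && ./configure --user=www --group=www \
  --prefix=/usr/local/nginx \
  --with-http_stub_status_module \
  --with-http_ssl_module \
  --with-http_gzip_static_module \
  --with-openssl=../openssl-1.0.1c
make && make install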

#****必须保证 nginx -V 的输出中包含 "TLS SNI support enabled":在同一 IP 和端口上配置多个证书依赖 SNI*****#

5、解决启动时libpcre.so.1找不到的问题
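# Work around "libpcre.so.1 not found" at nginx start-up by exposing the
# existing libpcre under the file name the new binary asks for.
# NOTE(review): this presents libpcre.so.0.0.1 under a different soname
# version than it was built with; registering the directory that holds the
# freshly built library with the dynamic loader (ldconfig) avoids the alias.
# Confirm which approach fits the host.
cd /lib
ln -s /lib/libpcre.so.0.0.1 /lib/libpcre.so.1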

二、Nginx指令

启动:nginx
kill -HUP 主进程号或进程号文件路径
nginx -s reload
#注意,修改了配置文件后最好先检查一下修改过的配置文件是否正确,以免重启后Nginx出现错误影响服务器稳定运行。判断Nginx配置是否正确的命令如下:
nginx -t -c /usr/nginx/conf/nginx.conf
#或者
/usr/nginx/sbin/nginx -t
#关闭:kill -9 pid(kill -9 会强制终止进程,正在处理的请求会被中断;正常关闭建议使用 nginx -s quit 或 kill -QUIT 主进程号)
测试配置文件:nginx -t

三、生成证书

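# Create a certificate signing request. This writes two files: the request
# itself and a new private key (privkey.pem, passphrase-protected by default).
# The key and the request can also be generated separately.
openssl req -new -out server.crs
# Write a passphrase-less copy of the key so nginx can start unattended.
# The restrictive umask keeps the unencrypted key readable by its owner only.
( umask 077 && openssl rsa -in privkey.pem -out server.key )
# Issue a self-signed certificate from that key. Clients do not trust a
# self-signed certificate by default, so it suits testing; for a public site,
# submit the signing request to a certificate authority instead.
# Repeat these steps for each hostname that gets its own certificate, using
# that hostname as the certificate's Common Name.
openssl req -new -x509 -key server.key -out server.crt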
#****必须要保证 nginx -V  TLS SNI support enabled*****#

四、配置

#配置文件修改

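# 1. Redirect every plain-HTTP request on port 80 to HTTPS.
server {
    listen       80;
    server_name  localhost;

    # Rewrite the scheme. The target needs "//" after "https:"; without it
    # the redirect target is not a well-formed absolute URL.
    rewrite  ^/(.*)$  https://$host/$1  redirect;

    location / {
        root   html;
        index  index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
}

# 2. HTTPS reverse proxies: one server block and one certificate per hostname.
#    Both blocks listen on the same port, so nginx picks the certificate from
#    the hostname the client sends via TLS SNI. A client that sends no SNI is
#    served the certificate of the first block.

# HTTPS server
server {
    # The "ssl" parameter on listen replaces the separate "ssl on;" directive,
    # which newer nginx releases deprecate and later remove.
    listen       443 ssl;
    server_name  www.b.cn;

    # Certificate and private key for www.b.cn
    ssl_certificate      /data/key/server.crt;
    ssl_certificate_key  /data/key/server.key;

    ssl_session_timeout  5m;

    # SSLv2 and SSLv3 are broken protocols and TLSv1 is deprecated, so only
    # TLS 1.2 and 1.3 are offered. This needs an nginx/OpenSSL build that
    # supports them; do not re-enable SSLv2/SSLv3 to suit an old build.
    ssl_protocols  TLSv1.2 TLSv1.3;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    location / {
        # Traffic to the backend is plain HTTP; keep that hop on a trusted network.
        proxy_pass  http://10.228.191.237;
        proxy_redirect     off;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        client_max_body_size       100m;
        index  index.html index.htm;
    }
}

server {
    listen       443 ssl;
    server_name  www.a.cn;

    # Certificate and private key for www.a.cn
    ssl_certificate      /data/key/server1.crt;
    ssl_certificate_key  /data/key/server1.key;

    ssl_session_timeout  5m;

    # Same protocol policy as the www.b.cn block: TLS 1.2 and 1.3 only.
    ssl_protocols  TLSv1.2 TLSv1.3;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    location / {
        # Traffic to the backend is plain HTTP; keep that hop on a trusted network.
        proxy_pass  http://10.228.191.223;
        proxy_redirect     off;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        client_max_body_size       100m;
        index  index.html index.htm;
    }
}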


