Linux下Nginx安裝並開啟SSL
一. 下載nginx
Nginx download
下載後上傳至伺服器。PS: 博主使用的Nginx版本為: nginx-1.23.4.tar.gz
二. 安裝Nginx所需要的環境
1. 安裝gcc-c++
yum install gcc-c++
yum install -y openssl openssl-devel
2. 安裝pcre包
yum install -y pcre pcre-devel
3. 安裝zlib包
yum install -y zlib zlib-devel
三. 安裝Nginx
1. 解壓Nginx包
# 進入Nginx包存放的目錄
tar -zxvf nginx-1.23.4.tar.gz
2. 進入Nginx目錄配置
使用nginx預設配置,並配置ssl
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-stream
3. 編譯安裝
make
make install
4. 啟動
# 進入nginx的sbin目錄下
# 啟動
./nginx
# 重啟
./nginx -s reload
# 停止
./nginx -s stop
5. 設定開機自啟動
把nginx加入到系統服務中
vim /etc/systemd/system/nginx.service
加入下面內容
[Unit]
Description=Nginx HTTP Server
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
重新載入systemd 配置檔案
systemctl daemon-reload
6. Nginx 常用命令
# 啟動
systemctl start nginx
# 關閉
systemctl stop nginx
# 重啟
systemctl restart nginx
# 檢視狀態
systemctl status nginx
# 設定開機自啟動
systemctl enable nginx
#關閉開機自啟動
systemctl disabled nginx
四. nginx配置檔案
1. 配置SSL證書
server {
listen 443 ssl;
server_name www.baidu.com;
ssl_certificate www.baidu.com.pem; # SSL證書pem檔案
ssl_certificate_key www.baidu.com.key; # SSL證書key證書
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:9031/; #轉發請求的地址
proxy_connect_timeout 6000; #連結超時設定
proxy_read_timeout 6000; #訪問介面超時設定
}
location /profile/ {
alias /home/gvdphome/uploadPath/;
expires 30d; # 設定快取過期時間
add_header Cache-Control "public";
}
}
2. 設定靜態資源代理路徑
server {
listen 443 ssl; # 埠
server_name www.baidu.com; # 域名
ssl_certificate www.baidu.com.pem; # SSL證書pem檔案
ssl_certificate_key www.baidu.com.key; # SSL證書key證書
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:9031/; #轉發請求的地址
proxy_connect_timeout 6000; #連結超時設定
proxy_read_timeout 6000; #訪問介面超時設定
}
# 靜態資源代理路徑
location /profile/ {
alias /home/baidu/uploadPath/;
expires 30d; # 設定快取過期時間
add_header Cache-Control "public";
}
}
3. 配置80埠
server {
listen 80; # 埠
server_name www.baidu.com; # 域名
location / {
proxy_pass http://localhost:9012/; #轉發請求的地址
proxy_connect_timeout 6000; #連結超時設定
proxy_read_timeout 6000; #訪問介面超時設定
}
}
4. 代理VUE專案
server {
listen 80;
server_name admin.baidu.com;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:90;
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# 90埠資源
server {
listen 90;
# gzip config 前端載入慢問題這樣解決
gzip on;
gzip_min_length 1k;
gzip_comp_level 9;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
server_name localhost; # 這裡配置域名
location / {
root "/home/baidu/vue/dist";
try_files $uri $uri/ @router;
index index.html index.htm;
error_page 405 =200 http://$host$request_uri;
}
#代理後端介面
location /api/ {
proxy_pass http://localhost:9010/; #轉發請求的地址
proxy_connect_timeout 6000; #連結超時設定
proxy_read_timeout 6000; #訪問介面超時設定
}
location @router {
rewrite ^.*$ /index.html last;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}