目录一、证书申请二、配置SSL2.1 证书上传2.2 Server配置2.3 配置转发三、配置问题3.1 ngx_Http_ssl_module3.2 ERR_SSL_PROTOCO
# HTTPS server
server {
listen 443 ssl;
server_name localhost;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
# HTTPS server
server {
# 注意这里就是443 ssl, 不要把ssl删除了
listen 443 ssl;
# 把localhost替换为SSL绑定的域名, 如www.codecoord.com
# server_name localhost;
server_name www.codecoord.com;
# 添加默认主目录和首页, 根据自己的路径修改
root /opt/nginx/html;
index index.html;
# cert.pem和cert.key替换为上传文件的路径(最好使用完整路径)
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
ssl_certificate /opt/nginx/cert/cert.pem;
ssl_certificate_key /opt/nginx/cert/cert.key;
# 下面的不用动
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
server {
# 监听端口
listen 80;
# 改为自己的域名
server_name www.codecoord.com;
# 将http请求强制转为https
# rewrite:重写指令,$host$:请求地址,$1:请求参数,permanent:永久访问
rewrite ^(.*)$ https://$host$1 permanent;
}
上述两步配置完成后测试一下是否配置正确,在sbin目录下运行测试命令
# 配置成功信息
[root@TianXin sbin]# ./nginx -t
nginx: the configuration file /opt/Nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/Nginx/conf/nginx.conf test is successful
[root@TianXin sbin]# ./nginx -s reload
[root@tianxin conf]# nginx -t
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /opt/nginx/conf/nginx.conf:112
nginx: configuration file /opt/nginx/conf/nginx.conf test failed
# 清除编译文件
make clean
# 配置
./configure --prefix=/opt/nginx --with-http_stub_status_module --with-http_ssl_module
# 编译
make
server {
# 注意这里就是443 ssl, 不要把ssl删除了,之前的版本
listen 443 ssl;
...
}
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.codecoord.com codecoord.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
# https
server {
# 注意这里就是443 ssl, 不要把ssl删除
listen 443 ssl;
# 替换为SSL绑定的域名, 如www.codecoord.com
server_name www.codecoord.com;
# 添加默认主目录和首页, 根据自己的路径修改
root /opt/nginx/html;
index index.html;
# cert.pem和cert.key替换为上传文件的路径
ssl_certificate /opt/nginx/cert/www.codecoord.com.pem;
ssl_certificate_key /opt/nginx/cert/www.codecoord.com.key;
# 下面的不用动
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
try_files $uri $uri/ /index.html; # 解决Vue页面刷新404问题
}
}
}
以上就是Nginx实战-配置SSL证书(Centos环境),实现https请求的详细内容,更多关于Nginx配置SSL实现https请求的资料请关注编程网其它相关文章!
--结束END--
本文标题: CentOS环境下Nginx配置SSL证书实现https请求详解
本文链接: https://www.lsjlt.com/news/212841.html(转载时请注明来源链接)
有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341
下载Word文档到电脑,方便收藏和打印~
2024-04-18
2024-04-17
2024-04-11
2024-04-08
2024-04-08
2024-04-03
2024-03-15
2024-03-15
2024-03-11
2024-03-08
回答
回答
回答
回答
回答
回答
回答
回答
回答
回答
0