Nginx配置SSL证书,实现Https访问
nginx安装目录:/zxy/apps/docker/halo/nginx
nginx安装包目录:/zxy/apps/nginx-1.10.1
1.修改Nginx配置文件(Nginx安装目录)
[root@zxy /]# /zxy/apps/docker/halo/nginx/conf
[root@zxy conf]# vim nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name blog.datasource.space;
rewrite ^(.*) https://blog.datasource.space permanent;
location / {
root html;
proxy_pass http://blog.datasource.space:8090;
proxy_set_header Host $host;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 443 ssl;
server_name blog.datasource.space;
ssl on;
ssl_certificate /zxy/apps/nginx-1.10.1/blog.datasource.space/blog.datasource.space_bundle.pem;
ssl_certificate_key /zxy/apps/nginx-1.10.1/blog.datasource.space/blog.datasource.space.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://blog.datasource.space:8090;
}
}
}
2.检查配置文件是否异常(Nginx安装目录)
如下可知,缺少SSL模块
[root@zxy conf]# ../sbin/nginx -t
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /zxy/apps/docker/halo/nginx/conf/nginx.conf:48
nginx: configuration file /zxy/apps/docker/halo/nginx/conf/nginx.conf test failed
3.停止nginx(Nginx安装目录)
[root@zxy conf]# ../sbin/nginx -s quit
4.修改nginx二进制文件(Nginx安装目录)
[root@zxy conf]# cd ../sbin
[root@zxy sbin]# mv nginx nginx.bak
5.安装SSL模块(安装包目录)
–prefix:对应的nginx的安装目录
[root@zxy nginx-1.10.1]# ./configure --prefix=/zxy/apps/docker/halo/nginx --with-http_stub_status_module --with-http_ssl_module
6.编译(安装包目录)
[root@zxy nginx-1.10.1]# make
7.拷贝编译后的nginx二进制文件(安装包目录)
[root@zxy nginx-1.10.1]# cp ./objs/nginx /zxy/apps/docker/halo/nginx/sbin/
8.验证nginx(Nginx安装目录)
[root@zxy conf]# ../sbin/nginx -t
nginx: the configuration file /zxy/apps/docker/halo/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /zxy/apps/docker/halo/nginx/conf/nginx.conf test is successful
拓展一:unexpected end of file, expecting “}”
1.在修改nginx.conf文件时,遇到了少些一个大括号的问题,导致在校验的时候异常:nginx: [emerg] unexpected end of file, expecting "}" in /zxy/apps/docker/halo/nginx/conf/nginx.conf:68
[root@zxy conf]# ../sbin/nginx -t
nginx: [emerg] unexpected end of file, expecting "}" in /zxy/apps/docker/halo/nginx/conf/nginx.conf:68
nginx: configuration file /zxy/apps/docker/halo/nginx/conf/nginx.conf test failed
2.使用grep -Ei "{|}" nginx.conf
检查nginx.conf中是否存在多括号,少括号问题,修正即可
[root@zxy conf]# grep -Ei "{|}" nginx.conf
events {
}
http {
upstream webserver{
}
server {
location / {
}
location = /50x.html {
}
}
server {
location / {
}
}
}
拓展二:host not found in upstream
[root@zxy conf]# ../sbin/nginx nginx: [emerg] host not found in upstream "blog.datasource.space" in /zxy/apps/docker/halo/nginx/conf/nginx.conf:36
遇到如上的情况,只需在/etc/hosts添加服务器IP和域名的映射关系即可