编译安装Nginx请参考https://blog.csdn.net/Sunny_Future/article/details/81353755
SSL,对传输数据进行加密,即在普通的套接字上添加一个额外的安全层,SecureSocketLayer,加密通过该套接字传输的数据。
虚拟主机指在一台物理主机服务器上划分出多个磁盘空间,每个磁盘空间都是一台虚拟主机,每台虚拟主机都可以独立对外提供web服务,且互不干扰,用户能够利用虚拟主机把多个不同域名的网站部署在同一台服务器上,不必再为建立一个网站单独购买一台服务器,解决了维护服务器的问题,也节省了服务器硬件成本和相关的维护费用。
虚拟主机
Nginx下,一个server标签就是一个虚拟主机。访问不同域名查看不同网站
- 1、基于域名的虚拟主机,通过域名来区分虚拟主机——应用:外部
##开启服务
[root@server1 ~]# /usr/local/lnmp/nginx/sbin/nginx
[root@server1 nginx-1.10.1]# cat /usr/local/lnmp/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#access_log logs/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name www.xuptip.qq.com;
root /data/www;
}
# another virtual host using mix of name-
server {
listen 80;
server_name bbs.xuptip.qq.com;
root /data/bbs;
}
}
[root@server1 ~]# mkdir /data/www/ -p
[root@server1 ~]# mkdir /data/bbs
[root@server1 ~]# cat /data/www/index.html
<h1>www.xuptip.qq.com</h1>
[root@server1 ~]# cat /data/bbs/index.html
<h1>bbs.xuptip.qq.com</h1>
[root@server1 ~]# /usr/local/lnmp/nginx/sbin/nginx -s reload
##添加域名解析
[root@server1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.20.11 www.xuptip.qq.com bbs.xuptip.qq.com
测试如下,不同域名对应不同网站
- 2、基于端口的虚拟主机,通过端口来区分虚拟主机——应用:公司内部网站,外部网站的管理后台
[root@server1 ~]# cat /usr/local/lnmp/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name www.xuptip.qq.com;
root /data/www;
}
# another virtual host using mix of port-based configuration
server {
listen 8080;
server_name www.xuptip.qq.com;
root /data/bbs;
}
}
[root@server1 ~]# /usr/local/lnmp/nginx/sbin/nginx -s reload
测试如下,同一域名不同端口,网站不同
- 3、基于 ip 的虚拟主机,几乎不用。
##指定网卡eth0添加ip
[root@server1 ~]# ip addr add 172.25.20.110/24 dev eth0
[root@server1 ~]# cat /usr/local/lnmp/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name 172.25.20.11;
root /data/www;
}
# another virtual host using mix of IP
server {
listen 80;
server_name 172.25.20.110;
root /data/bbs;
}
}
[root@server1 ~]# /usr/local/lnmp/nginx/sbin/nginx -s reload
测试如下,同一网卡不同 ip 不同网站
SSL证书
-
一般我们搭建的web服务器访问是这样的
-
但是,,一般访问网站是这样的,https://
-
开始配置吧!先在配置文件中打开 HTTPS 服务
扫描二维码关注公众号,回复: 9686493 查看本文章
[root@server1 ~]# cat /usr/local/lnmp/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name 172.25.20.11;
root /data/www;
}
# HTTPS server
server {
listen 443 ssl;
server_name www.xuptip.qq.com;
ssl_certificate cert.pem;
ssl_certificate_key cert.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
root /data/www;
}
}
- 生成证书
[root@server1 ~]# cd /etc/pki/tls/certs/
[root@server1 certs]# make cert.pem
[root@server1 certs]# mv cert.pem /usr/local/lnmp/nginx/conf/
[root@server1 certs]# /usr/local/lnmp/nginx/sbin/nginx -s reload
浏览器访问 https://www.xuptip.qq.com
如下,,成功访问 https