Linux下Nginx安装并开启SSL
一. 下载nginx
Nginx download
下载后上传至服务器。PS: 博主使用的Nginx版本为: nginx-1.23.4.tar.gz
二. 安装Nginx所需要的环境
1. 安装gcc-c++
yum install gcc-c++
yum install -y openssl openssl-devel2. 安装pcre包
yum install -y pcre pcre-devel3. 安装zlib包
yum install -y zlib zlib-devel三. 安装Nginx
1. 解压Nginx包
# 进入Nginx包存放的目录
tar -zxvf nginx-1.23.4.tar.gz2. 进入Nginx目录配置
使用nginx默认配置,并配置ssl
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-stream3. 编译安装
make
make install4. 启动
# 进入nginx的sbin目录下
# 启动
./nginx
# 重启
./nginx -s reload
# 停止
./nginx -s stop5. 设置开机自启动
把nginx加入到系统服务中
vim /etc/systemd/system/nginx.service加入下面内容
[Unit]
Description=Nginx HTTP Server
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target重新加载systemd 配置文件
systemctl daemon-reload6. Nginx 常用命令
# 启动
systemctl start nginx
# 关闭
systemctl stop nginx
# 重启
systemctl restart nginx
# 查看状态
systemctl status nginx
# 设置开机自启动
systemctl enable nginx
#关闭开机自启动
systemctl disabled nginx四. nginx配置文件
1. 配置SSL证书
server {
listen 443 ssl;
server_name www.baidu.com;
ssl_certificate www.baidu.com.pem; # SSL证书pem文件
ssl_certificate_key www.baidu.com.key; # SSL证书key证书
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:9031/; #转发请求的地址
proxy_connect_timeout 6000; #链接超时设置
proxy_read_timeout 6000; #访问接口超时设置
}
location /profile/ {
alias /home/gvdphome/uploadPath/;
expires 30d; # 设置缓存过期时间
add_header Cache-Control "public";
}
}2. 设置静态资源代理路径
server {
listen 443 ssl; # 端口
server_name www.baidu.com; # 域名
ssl_certificate www.baidu.com.pem; # SSL证书pem文件
ssl_certificate_key www.baidu.com.key; # SSL证书key证书
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:9031/; #转发请求的地址
proxy_connect_timeout 6000; #链接超时设置
proxy_read_timeout 6000; #访问接口超时设置
}
# 静态资源代理路径
location /profile/ {
alias /home/baidu/uploadPath/;
expires 30d; # 设置缓存过期时间
add_header Cache-Control "public";
}
}3. 配置80端口
server {
listen 80; # 端口
server_name www.baidu.com; # 域名
location / {
proxy_pass http://localhost:9012/; #转发请求的地址
proxy_connect_timeout 6000; #链接超时设置
proxy_read_timeout 6000; #访问接口超时设置
}
}4. 代理VUE项目
server {
listen 80;
server_name admin.baidu.com;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:90;
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# 90端口资源
server {
listen 90;
# gzip config 前端加载慢问题这样解决
gzip on;
gzip_min_length 1k;
gzip_comp_level 9;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
server_name localhost; # 这里配置域名
location / {
root "/home/baidu/vue/dist";
try_files $uri $uri/ @router;
index index.html index.htm;
error_page 405 =200 http://$host$request_uri;
}
#代理后端接口
location /api/ {
proxy_pass http://localhost:9010/; #转发请求的地址
proxy_connect_timeout 6000; #链接超时设置
proxy_read_timeout 6000; #访问接口超时设置
}
location @router {
rewrite ^.*$ /index.html last;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
