.jpg)
下載證書(shū)
在證書(shū)控制臺(tái)下載 nginx 版本證書(shū)。下載到本地的壓縮文件包解壓后包含:
-
.pem 文件:證書(shū)文件
-
.key 文件:證書(shū)的私鑰文件(申請(qǐng)證書(shū)時(shí)如果沒(méi)有選擇?自動(dòng)創(chuàng)建csr ,則沒(méi)有該文件)
配置nginx
1、在 nginx 的安裝目錄下創(chuàng)建 cert 目錄,并且將下載的全部文件拷貝到 cert 目錄中,如果申請(qǐng)證書(shū)時(shí)是自己創(chuàng)建的csr文件,請(qǐng)將對(duì)應(yīng)的私鑰文件放到 cert 目錄下。
2、打開(kāi) nginx 安裝目錄下 conf 目錄中的 nginx.conf 文件
#user?nobody; worker_processes?1; #error_log?logs/error.log; #error_log?logs/error.log?notice; #error_log?logs/error.log?info; #pid????logs/nginx.pid; events?{ ??worker_connections?1024; } http?{ ??include????mime.types; ??default_type?application/octet-stream; ??#log_format?main?'$remote_addr?-?$remote_user?[$time_local]?"$request"?' ??#?????????'$status?$body_bytes_sent?"$http_referer"?' ??#?????????'"$http_user_agent"?"$http_x_forwarded_for"'; ??#access_log?logs/access.log?main; ??sendfile????on; ??#tcp_nopush???on; ??#keepalive_timeout?0; ??keepalive_timeout?65; ??gzip?on;??#開(kāi)啟gzip ??gzip_min_length?1k;?#低于1kb的資源不壓縮 ??gzip_comp_level?3;?#壓縮級(jí)別【1-9】,越大壓縮率越高,同時(shí)消耗cpu資源也越多,建議設(shè)置在4左右。 ??gzip_types?text/plain?application/javascript?application/x-javascript?text/javascript?text/xml?text/css;?#需要壓縮哪些響應(yīng)類(lèi)型的資源,多個(gè)空格隔開(kāi)。不建議壓縮圖片,下面會(huì)講為什么。 ??gzip_disable?"msie?[1-6].";?#配置禁用gzip條件,支持正則。此處表示ie6及以下不啟用gzip(因?yàn)閕e低版本不支持) ??gzip_vary?on;?#是否添加“vary:?accept-encoding”響應(yīng)頭 ??server?{ ????listen????80?default?backlog=2048;?#配置http可用 ????listen????443?ssl;?#配置https ????server_name?localhost; ????ssl_certificate???../cert/hzzly.pem;?#配置證書(shū)文件 ????ssl_certificate_key?../cert/hzzly.key;?#配置私鑰文件 ????ssl_session_cache??shared:ssl:1m; ????ssl_session_timeout?5m; ????ssl_ciphers?high:!anull:!md5; ????ssl_prefer_server_ciphers?on; ????location?/?{ ??????root??/home/hzzly; ??????index?index.html?index.htm; ????} ????#?location?^~?/apis/?{ ????#???proxy_set_header?host?$host; ????#???proxy_set_header?x-real-ip?$remote_addr; ????#???proxy_set_header?x-forwarded-server?$host; ????#???#?匹配任何以?/apis/?開(kāi)始的請(qǐng)求,并停止匹配?其它location ????#???proxy_pass?http://xxxxxxxxxx/; ????#?} ????#?location?^~?/assets/?{ ????#???gzip_static?on; ????#???expires?max; ????#???add_header?cache-control?public; ????#?} ??} }
3、重啟 nginx
$?cd?/usr/local/nginx/sbin $?./nginx?-s?reload
錯(cuò)誤詳解
1、nginx如果未開(kāi)啟ssl模塊,配置https時(shí)提示錯(cuò)誤
nginx: [emerg] the “ssl” parameter requires ngx_http_ssl_module in …
nginx開(kāi)啟ssl模塊
切換到源碼包:
$?cd?/usr/local/src/nginx-1.16.0
修改新的configure參數(shù)
$?./configure?--prefix=/usr/local/nginx?--with-http_stub_status_module?--with-http_ssl_module
配置完成后,運(yùn)行命令
$?make?//這里不要進(jìn)行make?install,否則就是覆蓋安裝
備份原有已安裝好的nginx
$?cp?/usr/local/nginx/sbin/nginx?/usr/local/nginx/sbin/nginx.bak
將剛剛編譯好的nginx覆蓋掉原有的nginx
$?cp?./objs/nginx?/usr/local/nginx/sbin/
重啟 nginx
$?cd?/usr/local/nginx/sbin $?./nginx?-s?reload
? 版權(quán)聲明
文章版權(quán)歸作者所有,未經(jīng)允許請(qǐng)勿轉(zhuǎn)載。
THE END
.png)
