一、先安装nginx
官网
http://nginx.org/en/download.html
下载并解压nginx
[root@jiaxin-ceshi ~]# cd /usr/local/src/
[root@jiaxin-ceshi src]# wget http://nginx.org/download/nginx-1.14.0.tar.gz
[root@jiaxin-ceshi src]# tar xf nginx-1.14.0.tar.gz
[root@jiaxin-ceshi src]#cd nginx-1.14.0
[root@jiaxin-ceshi nginx]# ./configure --prefix=/usr/local/nginx
[root@jiaxin-ceshi nginx]# make
[root@jiaxin-ceshi nginx]# make install
[root@jiaxin-ceshi nginx]# ./sbin/nginx
[root@jiaxin-ceshi nginx]# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
AliYunDun 8982 root 19u IPv4 22738 0t0 TCP jiaxin-ceshi:47244->106.11.248.51:http (ESTABLISHED)
nginx 15413 root 6u IPv4 28011 0t0 TCP *:http (LISTEN)
nginx 15414 nobody 6u IPv4 28011 0t0 TCP *:http (LISTEN)
打开浏览器看一下
然后安装证书
下载证书
修改名字复制到/etc/nginx/ca/
修改nginx配置
[root@jiaxin-ceshi ca]# vim /usr/local/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
}
[root@jiaxin-ceshi ca]# mkdir /etc/nginx/conf.d/
[root@jiaxin-ceshi ca]# cd /etc/nginx/conf.d/
[root@jiaxin-ceshi conf.d]# vim jiaxin.conf
server {
listen 80 default;
server_name jiaxin.eatjoys.cn;
return 301 https://$host$request_uri;
location / {
root /var/www/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 443;
server_name jiaxin.eatjoys.cn;
ssl on;
ssl_certificate /etc/nginx/ca/jiaxin.pem;
ssl_certificate_key /etc/nginx/ca/jiaxin.key;
location / {
root /var/www/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 443;
server_name jiaxin-api.eatjoys.cn;
ssl on;
ssl_certificate /etc/nginx/ca/jiaxin.pem;
ssl_certificate_key /etc/nginx/ca/jiaxin.key;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://127.0.0.1:8006$request_uri;
#WebSocket Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
[root@jiaxin-ceshi ca]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@jiaxin-ceshi ca]# nginx -s reload
别忘记去域名解析
[root@jiaxin-ceshi conf.d]# killall nginx
[root@jiaxin-ceshi conf.d]# nginx
[root@jiaxin-ceshi conf.d]# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
AliYunDun 25475 root 18u IPv4 43450 0t0 TCP jiaxin-ceshi:58912->100.100.30.25:http (ESTABLISHED)
nginx 29454 root 6u IPv4 50404 0t0 TCP *:http (LISTEN)
nginx 29455 nobody 6u IPv4 50404 0t0 TCP *:http (LISTEN)
[root@jiaxin-ceshi conf.d]# lsof -i:443
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 29454 root 7u IPv4 50405 0t0 TCP *:https (LISTEN)
nginx 29455 nobody 7u IPv4 50405 0t0 TCP *:https (LISTEN)
[root@jiaxin-ceshi conf.d]# mkdir -p /var/www/html
[root@jiaxin-ceshi conf.d]# cd /var/www/html/
[root@jiaxin-ceshi html]# echo EFC > index.html
打开浏览器