操作流程
一、安装openssl
1.上传openssl压缩包
2.解压 tar -zxvf openssl-1.1.1l.tar.gz
3.进入openssl-1.1.1l目录
make
make install
二、安装nginx 配置ssl
1.添加依赖库
yum -y install gcc gcc-c++
yum -y install pcre pcre-devel
yum -y install zlib zlib-devel
yum -y install openssl openssl-devel
安装nginx
解压nginx tar -zxvf nginx-1.24.0.tar.gz
进入 cd nginx-1.24.0/
添加ssl模块 ./configure --prefix=/export/nginx --with-http_ssl_module
编译安装
make
make install-
/usr/local/tool/nginx/sbin目录
./nginx -V 查看nginx是否挂在openssl
说明:nginx -v只看nginx版本,nginx -V可以看nginx挂载的模块
image.png nginx.conf配置
进入到conf目录下,创建cert文件夹,将.key和.pem文件放进去
server {
listen 443 ssl;
server_name zhihuiwuxue.com;
ssl_certificate cert/zhihuiwuxue.com.pem;
ssl_certificate_key cert/zhihuiwuxue.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root html/pigh5pro;
index index.html index.htm;
try_filesuri/ /index.html;
}
location / {
proxy_redirect off;
proxy_set_header Hostremote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://58.48.93.215:58602/;
}
}服务器的HTTP端口,默认为8080,改为443
开通443端口以及其他端口
前后端 几个服务几个端口注意nginx后端反向代理端口不能和后端端口一致(注意)
