Installing a Certificate for Nginx on Linux
Personal blog: https://note.raokun.top
Embrace ChatGPT, a site accessible from mainland China: https://www.playchat.top
1. Modifying the configuration of the server's built-in Nginx
1. Check the Nginx process:
ps -aux | grep nginx

2. Edit the corresponding config file
vim /www/server/nginx/conf/nginx.conf
Changes:
server {
    # Default SSL port is 443
    listen 443 ssl;
    # Domain name bound to the certificate
    server_name cloud.tencent.com;
    # Relative or absolute path to the certificate file
    ssl_certificate cloud.tencent.com_bundle.crt;
    # Relative or absolute path to the private key file
    ssl_certificate_key cloud.tencent.com.key;
    ssl_session_timeout 5m;
    # Configure the protocols as follows
    ssl_protocols TLSv1.2 TLSv1.3;
    # Configure the cipher suites as follows; the syntax follows the openssl standard.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    location / {
        # Path to the site's home page. This path is for reference only; use your actual directory.
        # For example, if your home page is in /etc/www on the Nginx server, change the html after root to /etc/www.
        root html;
        index  index.html index.htm;
    }
    location /portainer/ {
        proxy_pass http://1.15.118.16:9000/;  # proxies to the Portainer web port
    }
}
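3. From the Nginx root directory, run the following command to check the configuration file for errors.
./sbin/nginx -t
4. From the Nginx root directory, run the following command to reload Nginx.
./sbin/nginx -s reload
5. Once the reload succeeds, the site can be reached at https://cloud.tencent.com.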
2. Creating Nginx with Docker and configuring SSL
1. Create Nginx with Docker
mkdir -p /data/nginx/{conf,conf.d,html,logs,certs}
a. Unpack the certificate downloaded above and upload it to the /data/nginx/certs directory
b. Create the nginx.conf file under /data/nginx/conf
user  nginx;
worker_processes  auto; # usually the number of CPU cores
error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    # Log format
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    gzip  on; # enable compression
    include /etc/nginx/conf.d/*.conf;
}
c. Create the HTML file index.html under /data/nginx/html
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
d. Create default.conf in the /data/nginx/conf.d/ directory
server {
    listen       80;
    listen  [::]:80;
    server_name www.example.com; # your domain name
    # Redirect all HTTP requests to HTTPS with the rewrite directive
    rewrite ^(.*) https://$server_name$1 permanent;
}
# Port 443 configuration
server {
    listen 443 ssl;  # written this way since version 1.1
    server_name www.example.com; # your domain name
    ssl_certificate certs/1_www.example.com.pem;  # replace cert-file-name.pem with the name of the uploaded certificate file
    ssl_certificate_key certs/1_www.example.com.key; # replace cert-file-name.key with the name of the uploaded private key file
    ssl_session_timeout 5m;
    # TLS protocol versions in use; TLSv1.1 is deprecated by RFC 8996
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Cipher suites in use
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_session_cache shared:SSL:1m;
    fastcgi_param  HTTPS        on;
    fastcgi_param  HTTP_SCHEME     https;
    location / {
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   Host              $http_host;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        root html;
        index index.html index.htm;
    }
}
e. Give the nginx user ownership of the files
chown -R nginx:nginx /data/nginx
f. Create and start the container
docker run --name nginx -d -p 80:80 \
 -p 443:443 \
 -v /data/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
 -v /data/nginx/conf.d/:/etc/nginx/conf.d \
 -v /data/nginx/html:/etc/nginx/html \
 -v /data/nginx/logs:/var/log/nginx \
 -v /data/nginx/certs:/etc/nginx/certs \
 -v /etc/localtime:/etc/localtime:ro \
 nginx:1.21.4
3. Mapping sites on multiple ports under the same domain
Edit the config
server {
    listen       80;
    listen  [::]:80;
    server_name rao.top; # your domain name
    # Redirect all HTTP requests to HTTPS with the rewrite directive
    rewrite ^(.*) https://$server_name$1 permanent;
}
# Port 443 configuration
server {
    listen 443 ssl;  # written this way since version 1.1
    server_name raokun.top www.rao.top; # your domain name
    # Relative or absolute path to the certificate file
    ssl_certificate   /etc/nginx/cert/1_raokun.top_bundle.crt;
    # Relative or absolute path to the private key file
    ssl_certificate_key  /etc/nginx/cert/2_raokun.top.key;
    ssl_session_timeout 5m;
    # TLS protocol versions in use; TLSv1.1 is deprecated by RFC 8996
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Cipher suites in use
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_session_cache shared:SSL:1m;
    fastcgi_param  HTTPS        on;
    fastcgi_param  HTTP_SCHEME     https;
    location / {
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   Host              $http_host;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        root html;
        index index.html index.htm;
    }
    location /raokun {
        proxy_pass http://1.15.11.16:8090/;
    }
    location /portainer/ {
        proxy_pass http://1.15.118.1:9000/;  # proxies to the Portainer web port
    }
}
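A pre-reload check for the server blocks in sections 2 and 3, added here as an example and not part of the original post: it reads a config file and reports deprecated entries in ssl_protocols and any proxy_pass that sends traffic over plain HTTP to a non-loopback address. The function name audit_nginx_tls, the sample config and the 192.0.2.10 address are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an nginx config for the TLS settings used on this page.
# audit_nginx_tls is a hypothetical helper name, not an nginx tool.

audit_nginx_tls() {
    # $1: path to an nginx config file. Prints one "line: finding" per issue.
    awk '
        { sub(/#.*/, "") }                       # ignore comments
        $1 == "ssl_protocols" {                  # RFC 8996 deprecates TLS 1.0/1.1
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                    printf "%d: deprecated protocol %s\n", NR, p
            }
        }
        $1 == "proxy_pass" && $2 ~ /^http:\/\// {
            u = $2; sub(/^http:\/\//, "", u); sub(/[\/;].*$/, "", u)
            # Plain HTTP is only acceptable when the upstream is on loopback
            if (u !~ /^(127\.|localhost(:|$)|\[::1\])/)
                printf "%d: cleartext upstream %s\n", NR, u
        }
    ' "$1"
}

# Constructed sample mirroring the directives in sections 2 and 3
# (192.0.2.10 is a documentation address, not a value from the post).
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; # protocols
    location /portainer/ {
        proxy_pass http://192.0.2.10:9000/;
    }
    location /local/ {
        proxy_pass http://127.0.0.1:8090/;
    }
}
EOF
findings=$(audit_nginx_tls "$sample")
printf '%s\n' "$findings"
rm -f "$sample"
```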
Reference: https://blog.csdn.net/weixin_39555954/article/details/124563854