一、查看nginx 是否已安装ssl模块
[root@iz6we6h999i4qk6fizg2oyz /]# cd /usr/local/nginx/sbin/
[root@iz6we6h999i4qk6fizg2oyz sbin]# ./nginx -V
nginx version: nginx/1.19.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k 26 Jan 2017
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-openssl=/opt/soft/openssl-1.0.2k
注:因为系统之前装过 uwsgi,openssl 已经装好,不用重新安装。另外请注意,OpenSSL 1.0.2 系列已于 2019 年底停止官方维护,且不支持 TLS 1.3,生产环境建议改用仍受支持的版本重新编译。
二、 查看openssl是否安装
[root@iz6we6h999i4qk6fizg2oyz sbin]# rpm -qa|grep openssl
openssl-devel-1.0.2k-21.el7_9.x86_64
openssl-1.0.2k-21.el7_9.x86_64
openssl-libs-1.0.2k-21.el7_9.x86_64
注:如果没有安装openssl 可参考:
三、生成编译文件并安装
--with-openssl 指向 openssl 的源码目录
[root@iz6we6h999i4qk6fizg2oyz /]# cd /opt/soft/nginx-1.19.1
[root@iz6we6h999i4qk6fizg2oyz nginx-1.19.1]# ./configure --with-http_ssl_module --with-openssl=/opt/soft/openssl-1.0.2k
编译&安装
[root@iz6we6h999i4qk6fizg2oyz /]# make&&make install
安装完成后结果
[root@iz6we6h999i4qk6fizg2oyz /]# cd /usr/local/nginx/sbin/
[root@iz6we6h999i4qk6fizg2oyz sbin]# ./nginx -V
nginx version: nginx/1.19.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k 26 Jan 2017
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-openssl=/opt/soft/openssl-1.0.2k
四、配置https证书
- 把 ssl 证书 *.crt 和私钥 *.key 拷贝到 /usr/local/nginx/https_cert 目录中。私钥文件应只允许 root 读取(例如 chmod 600),不要放在网站根目录下。
- server 监听 443 端口:
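server {
    # HTTPS virtual host: terminates TLS on 443 and passes requests to the
    # local uwsgi backend.
    listen 443 ssl;
    server_name ******.com www.******.com;

    # Certificate and private key. The key file should be readable by root only.
    ssl_certificate     /usr/local/nginx/https_cert/******.com.crt;
    ssl_certificate_key /usr/local/nginx/https_cert/******.com.key;

    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;   # session timeout

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # TLSv1.3 can be added once nginx is built against OpenSSL 1.1.1 or newer;
    # the 1.0.2k build shown by `nginx -V` does not provide it.
    ssl_protocols TLSv1.2;

    # Cipher list kept as published.
    # NOTE(review): HIGH still admits CBC and static-RSA key-exchange suites;
    # consider narrowing it to ECDHE suites with AEAD ciphers.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        uwsgi_pass 127.0.0.1:8002;
        include uwsgi_params;
        uwsgi_ignore_client_abort on;
        #root /opt/web/wjqw-os;
        #index index.html index.htm;
        # NOTE(review): ALLOWALL is not a defined X-Frame-Options value, so
        # enabling the two lines below removes clickjacking protection.
        #proxy_hide_header X-Frame-Options; # avoid emitting more than one X-Frame-Options header
        #add_header X-Frame-Options ALLOWALL; # replaces the page's earlier SAMEORIGIN value so it can be framed
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /var/nginx/html;
    }
}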
配置80自动跳转443端口!!!
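server {
    # Plain-HTTP virtual host: its only job is to redirect every request to HTTPS.
    listen 80;
    server_name ******.com www.*******.com;

    # `return` sends the 301 without running a regex on each request.
    # $request_uri carries the original path and query string.
    # $server_name (the first name configured above) is kept rather than $host,
    # which is taken from the client-supplied Host header.
    return 301 https://$server_name$request_uri;
}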