Nginx安装http_ssl_module模块
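1.进入nginx的源码目录(即包含 configure 脚本的解压目录,不是安装目录)。可先执行 /usr/local/nginx/sbin/nginx -V 查看现有的编译参数,在原有参数的基础上追加 --with-http_ssl_module,避免丢失已启用的模块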
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --conf-path=/usr/local/nginx/nginx.conf
2.只执行make进行编译,不要执行make install,否则会覆盖现有的安装。
make
3.备份原有的nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx_bak
4.然后将刚刚编译好的nginx覆盖掉原有的nginx(nginx需要先停止)。覆盖前可用 ./objs/nginx -V 确认新的二进制文件已包含 --with-http_ssl_module
/usr/local/nginx/sbin/nginx -s stop
cp ./objs/nginx /usr/local/nginx/sbin/
https配置的部分文件、命令
# Reload the configuration file. Check it first with
# `/usr/local/nginx/sbin/nginx -t`, so a syntax error or an unreadable
# certificate/key is caught before the reload is requested.
/usr/local/nginx/sbin/nginx -s reload
# Stop nginx
/usr/local/nginx/sbin/nginx -s stop
# Start nginx
/usr/local/nginx/sbin/nginx
# Show the version. The capital -V form also prints the configure arguments,
# which confirms whether --with-http_ssl_module was compiled in.
/usr/local/nginx/sbin/nginx -v
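# HTTPS server: front end (static files)
#
server {
    listen 443 ssl;
    server_name xxx.com;

    # Certificate (chain) and private key. The key file should be readable
    # only by the account that starts the nginx master process.
    ssl_certificate /usr/local/ssl/xxx.pem;
    ssl_certificate_key /usr/local/ssl/xxx.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # Hide the nginx version in the Server header and on error pages. This
    # only reduces fingerprinting; it is not a substitute for patching.
    server_tokens off;

    # For a site that is HTTPS-only and does not need plain HTTP, HSTS tells
    # the browser to always use HTTPS for this host. Enable it only once every
    # resource is reachable over HTTPS:
    # add_header Strict-Transport-Security "max-age=31536000" always;
    # The two lines below are not HSTS; they pass the scheme to a FastCGI
    # backend and only matter together with fastcgi_pass.
    # fastcgi_param HTTPS on;
    # fastcgi_param HTTP_SCHEME https;

    access_log /usr/local/nginx/logs/httpsaccess-qaxk.log;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append TLSv1.3 when the nginx build supports it (nginx 1.13.0 or later
    # linked against OpenSSL 1.1.1 or later).
    ssl_protocols TLSv1.2;
    # NOTE(review): HIGH still admits CBC suites; narrow the list to AEAD
    # suites if every client supports them.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        root /var/代码/前端;
        index index.html index.htm;
        # Without try_files the named location @router below is never
        # reached. With it, a path that is not a file or directory on disk
        # falls back to index.html so the front-end router can handle it.
        try_files $uri $uri/ @router;
    }

    location @router {
        rewrite ^.*$ /index.html last;
    }

    # Inactive lines that appear to be left over from the stock nginx.conf
    # sample:
    # ssl_ciphers HIGH:!aNULL:!MD5;
    # ssl_prefer_server_ciphers on;
    # location / {
    # root html;
    # index index.html index.htm;
    # }
}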
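# HTTPS server: back end (reverse proxy to local services)
#
# NOTE(review): xxx.com is a placeholder. If this block and the front-end
# block really use the same server_name on port 443, nginx reports a
# conflicting server name and ignores the later block; give the two blocks
# distinct names or merge their locations into one server block.
server {
    listen 443 ssl;
    server_name xxx.com;

    # Certificate (chain) and private key. The key file should be readable
    # only by the account that starts the nginx master process.
    ssl_certificate /usr/local/ssl/xxx.pem;
    ssl_certificate_key /usr/local/ssl/xxx.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # Hide the nginx version in the Server header and on error pages. This
    # only reduces fingerprinting; it is not a substitute for patching.
    server_tokens off;

    # For a site that is HTTPS-only and does not need plain HTTP, HSTS tells
    # the browser to always use HTTPS for this host. Enable it only once every
    # resource is reachable over HTTPS:
    # add_header Strict-Transport-Security "max-age=31536000" always;
    # The two lines below are not HSTS; they pass the scheme to a FastCGI
    # backend and only matter together with fastcgi_pass.
    # fastcgi_param HTTPS on;
    # fastcgi_param HTTP_SCHEME https;

    access_log /usr/local/nginx/logs/httpsaccess-back.log;

    # Server-level defaults. A location that declares any proxy_set_header of
    # its own does NOT inherit these, so each location below repeats the
    # headers it needs.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append TLSv1.3 when the nginx build supports it (nginx 1.13.0 or later
    # linked against OpenSSL 1.1.1 or later).
    ssl_protocols TLSv1.2;
    # NOTE(review): HIGH still admits CBC suites; narrow the list to AEAD
    # suites if every client supports them.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    # In each location the trailing slash on proxy_pass replaces the matched
    # prefix with "/", so the backend does not see the /api-dev/, /api-qa/ or
    # /other-qa/ prefix.
    #
    # X-Forwarded-For is built by appending $remote_addr to whatever the
    # client sent, so its left-most entries are client-controlled. A backend
    # that makes access decisions on the client IP should use X-Real-IP or
    # only the right-most X-Forwarded-For entry.

    location /api-dev/ {
        # Pass the requested host name plus the backend port as Host.
        proxy_set_header Host $host:8093;
        # Let the backend obtain the client address.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Repeated here because the server-level value is not inherited.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8093/;
    }

    location /api-qa/ {
        # Pass the requested host name plus the backend port as Host.
        proxy_set_header Host $host:8092;
        # Let the backend obtain the client address.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Repeated here because the server-level value is not inherited.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8092/;
    }

    location /other-qa/ {
        # Pass the requested host name plus the backend port as Host.
        proxy_set_header Host $host:8050;
        # Let the backend obtain the client address.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Repeated here because the server-level value is not inherited.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8050/;
    }

    # Inactive lines that appear to be left over from the stock nginx.conf
    # sample:
    # ssl_ciphers HIGH:!aNULL:!MD5;
    # ssl_prefer_server_ciphers on;
    # location / {
    # root html;
    # index index.html index.htm;
    # }
}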