要在nginx中配置https,就必须安装ssl模块,也就是:http_ssl_module.
进入到nginx的解压目录:/home/software/nginx-1.16.1
新增ssl模块(原来的那些模块需要保留)
- ./configure \
- --prefix=/usr/local/nginx \
- --pid-path=/var/run/nginx/nginx.pid \
- --lock-path=/var/lock/nginx.lock \
- --error-log-path=/var/log/nginx/error.log \
- --http-log-path=/var/log/nginx/access.log \
- --with-http_gzip_static_module \
- --http-client-body-temp-path=/var/temp/nginx/client \
- --http-proxy-temp-path=/var/temp/nginx/proxy \
- --http-fastcgi-temp-path=/var/temp/nginx/fastcgi \
- --http-uwsgi-temp-path=/var/temp/nginx/uwsgi \
- --http-scgi-temp-path=/var/temp/nginx/scgi \
- --with-http_ssl_module
-
- # 编译
- make
-
- # 安装
- make install
-
把ssl证书*.crt和私钥*.key拷贝到/usr/local/nginx/conf目录中。
新增server监听443端口:
- server {
- listen 443;
- server_name www.imoocdsp.com;
-
- # 开启ssl
- ssl on;
- # 配置ssl证书
- ssl_certificate 1_www.imoocdsp.com_bundle.crt;
- # 配置证书秘钥
- ssl_certificate_key 2_www.imoocdsp.com.key;
-
- # ssl会话cache
- ssl_session_cache shared:SSL:1m;
- # ssl会话超时时间
- ssl_session_timeout 5m;
-
- # 配置加密套件,写法遵循 openssl 标准
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
- ssl_prefer_server_ciphers on;
-
- location / {
- proxy_pass http://tomcats/;
- index index.html index.htm;
- }
- }
-
- ./nginx -s reload
-
腾讯云Nginx配置https文档地址:https://cloud.tencent.com/document/product/400/35244
湘公网安备 43102202000103号
