最新要闻

广告

手机

iphone11大小尺寸是多少?苹果iPhone11和iPhone13的区别是什么?

iphone11大小尺寸是多少?苹果iPhone11和iPhone13的区别是什么?

警方通报辅警执法直播中被撞飞:犯罪嫌疑人已投案

警方通报辅警执法直播中被撞飞:犯罪嫌疑人已投案

家电

Linux下Nginx安装证书_世界热门

来源:博客园

个人博客地址: https://note.raokun.top拥抱ChatGPT,国内访问网站:https://www.playchat.top


(资料图片)

1.服务器自带nginx修改配置

1.查看Nginx进程:

ps -aux | grep nginx

2.修改对应config文件

vim /www/server/nginx/conf/nginx.conf

修改内容:

server {     #SSL 默认访问端口号为 443     listen 443 ssl;      #请填写绑定证书的域名     server_name cloud.tencent.com;      #请填写证书文件的相对路径或绝对路径     ssl_certificate cloud.tencent.com_bundle.crt;      #请填写私钥文件的相对路径或绝对路径     ssl_certificate_key cloud.tencent.com.key;      ssl_session_timeout 5m;     #请按照以下协议配置     ssl_protocols TLSv1.2 TLSv1.3;      #请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;      ssl_prefer_server_ciphers on;     location / {         #网站主页路径。此路径仅供参考,具体请您按照实际目录操作。         #例如,您的网站主页在 Nginx 服务器的 /etc/www 目录下,则请修改 root 后面的 html 为 /etc/www。         root html;          index  index.html index.htm;     }     location /portainer/ {            proxy_pass http://1.15.118.16:9000/;  #代理链接的portainer web端口        } }

3.在 Nginx 根目录下,通过执行以下命令验证配置文件问题。

./sbin/nginx -t

4.在 Nginx 根目录下,通过执行以下命令重载 Nginx。

./sbin/nginx -s reload

5.重载成功,即可使用 https://cloud.tencent.com进行访问。

2.docker创建nginx配置SSL

1.docker创建Nginx

mkdir -p /data/nginx/{conf,conf.d,html,logs,certs}

a、将上面下载的证书解压之后,上传到/data/nginx/certs目录下

b、在/data/conf文件下创建nginx.conf文件

user  nginx;worker_processes  auto; #一般为cpu核数 error_log  /var/log/nginx/error.log notice;pid        /var/run/nginx.pid;  events {    worker_connections  1024;}  http {    include       /etc/nginx/mime.types;    default_type  application/octet-stream;#log格式    log_format  main  "$remote_addr - $remote_user [$time_local] "$request" "                      "$status $body_bytes_sent "$http_referer" "                      ""$http_user_agent" "$http_x_forwarded_for"";     access_log  /var/log/nginx/access.log  main;     sendfile        on;    #tcp_nopush     on;     keepalive_timeout  65;     gzip  on; #开启压缩     include /etc/nginx/conf.d/*.conf;}

c、在/data/html文件下创建html文件 index.html

Welcome to nginx!

Welcome to nginx!

If you see this page, the nginx web server is successfully installed andworking. Further configuration is required.

For online documentation and support please refer tonginx.org.
Commercial support is available atnginx.com.

Thank you for using nginx.

d、在/data/nginx/conf.d/目录创建default.conf

server {    listen       80;    listen  [::]:80;server_name www.example.com; #填写域名#将所有HTTP请求通过rewrite指令重定向到HTTPS    rewrite ^(.*) https://$server_name$1 permanent;} #配置443端口server {listen 443 ssl;  # 1.1版本后这样写        server_name www.example.com; #填写域名        ssl_certificate certs/1_www.example.com.pem;  #需要将cert-file-name.pem替换成已上传的证书文件的名称。ssl_certificate_key certs/1_www.example.com.key; #需要将cert-file-name.key替换成已上传的证书私钥文件的名称。        ssl_session_timeout 5m;        #表示使用的加密套件的类型。ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; #表示使用的TLS协议的类型。ssl_prefer_server_ciphers on;        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_session_cache shared:SSL:1m;         fastcgi_param  HTTPS        on;        fastcgi_param  HTTP_SCHEME     https;location / {proxy_set_header   X-Real-IP         $remote_addr;proxy_set_header   Host              $http_host;proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;        root html;        index index.html index.htm;    }}

e、授权文件给nginx用户

chown -R nginx:nginx /data/nginx

f、创建容器并启动

docker run --name nginx -d -p 80:80 \ -p 443:443 \ -v /data/nginx/conf/nginx.conf:/etc/nginx/nginx.conf  \ -v /data/nginx/conf.d/:/etc/nginx/conf.d \ -v /data/nginx/html:/etc/nginx/html \ -v /data/nginx/logs:/var/log/nginx \ -v /data/nginx/certs:/etc/nginx/certs \ -v /etc/localtime:/etc/localtime:ro \ nginx:1.21.4

3.同域名多端口网站映射配置

修改config

server {    listen       80;    listen  [::]:80;server_name rao.top; #填写域名#将所有HTTP请求通过rewrite指令重定向到HTTPS    rewrite ^(.*) https://$server_name$1 permanent;} #配置443端口server {listen 443 ssl;  # 1.1版本后这样写        server_name raokun.top www.rao.top; #填写域名        #请填写证书文件的相对路径或绝对路径        ssl_certificate   /etc/nginx/cert/1_raokun.top_bundle.crt;         #请填写私钥文件的相对路径或绝对路径        ssl_certificate_key  /etc/nginx/cert/2_raokun.top.key;        ssl_session_timeout 5m;        #表示使用的加密套件的类型。ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; #表示使用的TLS协议的类型。ssl_prefer_server_ciphers on;        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_session_cache shared:SSL:1m;         fastcgi_param  HTTPS        on;        fastcgi_param  HTTP_SCHEME     https;location / {proxy_set_header   X-Real-IP         $remote_addr;proxy_set_header   Host              $http_host;proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;        root html;        index index.html index.htm;    }    location /raokun {            proxy_pass http://1.15.11.16:8090/;    }    location /portainer/ {        proxy_pass http://1.15.118.1:9000/;  #代理链接的portainer web端口    }}

参考链接:https://blog.csdn.net/weixin_39555954/article/details/124563854

关键词: