Nginx源码安装、文件模块的修改、访问加密(自定(2)

Nginx源码安装、文件模块的修改、访问加密(自定


 
3.nginx访问加密(自定义签名证书)
在互联网中,如果访问不加密,会导致很多重要信息泄露,所有才有了加密
[root@server4 conf]# vim nginx.conf    #访问加密
101    #
102    server {
103        listen      443 ssl;
104        server_name  localhost;
105
106        ssl_certificate      cert.pem;
107        ssl_certificate_key  cert.pem;
108
109        ssl_session_cache    shared:SSL:1m;
110        ssl_session_timeout  5m;
111
112        ssl_ciphers  HIGH:!aNULL:!MD5;
113        ssl_prefer_server_ciphers  on;
114
115        location / {
116            root  html;
117            index  index.html index.htm;
118        }
119    }
120
[root@server1 conf]# cd /etc/pki/tls/certs/
[root@server1 certs]# make cert.pem    #生成自定义签名证书
umask 77 ; \
    PEM1=`/bin/mktemp/tmp/openssl.XXXXXX` ; \
    PEM2=`/bin/mktemp/tmp/openssl.XXXXXX` ; \
    /usr/bin/openssl req-utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2-set_serial 0 ; \
    cat $PEM1 >  cert.pem ; \
    echo ""    >> cert.pem ; \
    cat $PEM2 >>cert.pem ; \
    rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
..............+++
................+++
writing new private key to '/tmp/openssl.9egbT2'
-----
You are about to be asked to enter information that will beincorporated
into your certificate request.
What you are about to enter is what is called a DistinguishedName or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:wen
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname)[]:server1.example.com
Email Address []:root@server1.example.com
[root@server1 certs]# mv cert.pem /usr/local/lnmp/nginx/conf/
[root@server1 certs]# nginx -t
nginx: the configuration file/usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server1 certs]# nginx -s reload
 
测试 https://172.25.29.1

Nginx源码安装、文件模块的修改、访问加密(自定


选择 I Understand the Risks,确认

Nginx源码安装、文件模块的修改、访问加密(自定


 
4.虚拟主机
虚拟主机允许从一个httpd服务器同时为多个网站提供服务
[root@server1 certs]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# vim nginx.conf
120    server {
121                listen 80;  #监听端口
122                server_name ;  #域名
123
124                location / {
125                        root /web1;    #默认发布目录
126                        index index.html;  #默认发布文件
127                }
128    }
129    server {
130                listen 80;
131                server_name ;
132
133                location / {
134                        root /web2;
135                        index index.html;
136                }
137    }
[root@server1 conf]# mkdir /web1 /web2
[root@server1 conf]# vim /web1/index.html
Welcome to
[root@server1 conf]# vim /web2/index.html
Welcome to
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.confsyntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conftest is successful
[root@server1 conf]# nginx -s reload
测试
在测试端的主机里加上域名解析
[root@foundation29 Desktop]# vim /etc/hosts
172.25.29.1

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/0cf8efc93976925a3c35e7a9adb42a93.html