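3. nginx access encryption (self-signed certificate)
On the Internet, unencrypted access leaks a lot of important information, which is why encryption is used.
[root@server4 conf]# vim nginx.conf # access encryption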
#
server {
    listen       443 ssl;
    server_name  localhost;

    # cert.pem holds both the private key and the certificate
    # (see make cert.pem below), so both directives point at the same file
    ssl_certificate      cert.pem;
    ssl_certificate_key  cert.pem;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   html;
        index  index.html index.htm;
    }
}
[root@server1 conf]# cd /etc/pki/tls/certs/
[root@server1 certs]# make cert.pem # generate a self-signed certificate
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > cert.pem ; \
echo "" >> cert.pem ; \
cat $PEM2 >>cert.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
..............+++
................+++
writing new private key to '/tmp/openssl.9egbT2'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:wen
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server1.example.com
Email Address []:root@server1.example.com
[root@server1 certs]# mv cert.pem /usr/local/lnmp/nginx/conf/
[root@server1 certs]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 certs]# nginx -s reload
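Test: https://172.25.29.1
The browser warns that the certificate is not trusted because it is self-signed; choose "I Understand the Risks" and confirm the exception.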
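A check worth running on the combined cert.pem before `nginx -s reload`, as an added example that is not part of the original tutorial. The function names and the 30-day expiry threshold are assumptions, and it needs the openssl command-line tool.

```shell
#!/usr/bin/env bash
# Added example: audit a combined key+certificate PEM like the cert.pem built above.

# Build a throwaway combined PEM the way the make target does.
# Constructed sample: the -subj value is a placeholder subject.
make_sample_pem() {
    local out="$1" key crt
    key=$(mktemp); crt=$(mktemp)
    ( umask 77
      openssl req -utf8 -newkey rsa:2048 -keyout "$key" -nodes -x509 -days 365 \
          -subj "/CN=server1.example.com" -out "$crt" -set_serial 0 2>/dev/null
      cat "$key" > "$out"; echo "" >> "$out"; cat "$crt" >> "$out" )
    rm -f "$key" "$crt"
}

# The file holds the private key, so group and others must have no access.
pem_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# The key and the certificate in the file must carry the same public key.
pem_key_matches_cert() {
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Issuer equal to subject: no CA vouches for the certificate.
pem_is_self_issued() {
    local s i
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Print findings; return non-zero if anything must be fixed before reload.
audit_pem() {
    local f="$1" rc=0
    pem_is_private "$f"       || { echo "FAIL: $f is accessible to group/others"; rc=1; }
    pem_key_matches_cert "$f" || { echo "FAIL: private key does not match certificate"; rc=1; }
    # 30 days is an assumed warning threshold
    openssl x509 -in "$f" -noout -checkend $((30 * 86400)) >/dev/null 2>&1 \
        || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    if pem_is_self_issued "$f"; then echo "NOTE: self-issued, clients will not trust it by default"; fi
    return $rc
}

if [ $# -gt 0 ]; then audit_pem "$1"; fi
```

Saved under a hypothetical name such as audit_pem.sh, it can be pointed at the file the tutorial installs: `bash audit_pem.sh /usr/local/lnmp/nginx/conf/cert.pem`.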
4. Virtual hosts
Virtual hosts let a single httpd server serve multiple websites at the same time.
[root@server1 certs]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# vim nginx.conf
server {
    listen       80;          # listening port
    server_name  ;            # domain name

    location / {
        root   /web1;         # default document root
        index  index.html;    # default index file
    }
}
server {
    listen       80;
    server_name  ;

    location / {
        root   /web2;
        index  index.html;
    }
}
[root@server1 conf]# mkdir /web1 /web2
[root@server1 conf]# vim /web1/index.html
Welcome to
[root@server1 conf]# vim /web2/index.html
Welcome to
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
Test
Add the domain name resolution entries to /etc/hosts on the test host.
[root@foundation29 Desktop]# vim /etc/hosts
172.25.29.1