一、下载编译nginx
下载nginx源码包,下载地址:https://nginx.org/download/nginx-1.26.2.tar.gz
将下载得到的nginx-1.26.2.tar.gz 包上传到服务器指定目录
比如此处我们上传到/data/middle
cd /data/middle # 解压安装包 tar -xvf nginx-1.26.2.tar.gz cd nginx-1.26.2 #编译源码时,添加https模块,在编译命令追加参数:--with-http_ssl_module ./configure --prefix=/data/middle/nginx --with-http_stub_status_module --with-http_ssl_module make & make install
二、生成本地CA证书
第一步:生成RSA私钥,Generating RSA private key
openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
....++++++
...................................................................................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
第二步:生成CSR文件
openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
-----
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:tdops
An optional company name []:tdops
第三步:备份私钥文件
mv server.key server.key.src
第四步:对文件进行免密
openssl rsa -in server.key.src -out server.key
第五步:生成CA证书
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=zh/ST=zhejiang/L=hangzhou/O=td/OU=td/CN=td/emailAddress=td
Getting Private key
三、修改nginx 配置
server {
# 自动替换,请勿擅自修改
# 将此处/data/apps/static,替换为真实 static 前端资源存放目录
# 举例:前端资源文件存放在 /data/apps/static ,则此处最终会被替换成/data/apps/static
set $root /data/static;
listen 8280;
listen 443 ssl;
server_name demo.yuntu.anxin.com;
ssl_certificate cert/server.crt;
ssl_certificate_key cert/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
……
}
四、重启nginx
#进入nginx安装目录
cd /data/middle/nginx
#重启nginx
./sbin/nginx -s reload
五、验证,使用https:// 协议访问站点
样例:https://Ip 默认https使用443端口,不需要写端口号即可访问。
