1、验证配置文件
/usr/local/nginx/sbin/nginx -tc /usr/local/nginx/conf/nginx.conf
/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
2、指定配置文件启动
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
3、指定配置文件重启
/usr/local/nginx/sbin/nginx -s reload -c /usr/local/nginx/conf/nginx.conf
4.nginx ssl证书配置
1.购买域名服务器进备案(HTTPS是配置是需要ssl证书)
2.购买ssl证书推进阿里云证,可以申请免费的证书
3证书验证审核
4.审核通过后就会出现下载按钮,下载Nginx的安全证
4.添加http_ssl_module模块
1.查看是否安装了http_ssl_module(/usr/local/nginx/sbin/nginx -V)
2.编译安装nginx时,已安装模块
[root@lamb ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.15.8
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx
3.重新编译nginx (使用/usr/local/nginx/sbin/nginx -V查看已经配置的模块,然后复制那些模块添加 --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
)
4.在源码中运行(Nginx下载的目录我放在的是:/home/tar/nginx-1.61)
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_gzip_static_module --http-client-body-temp-path=/var/temp/nginx/client --http-proxy-temp-path=/var/temp/nginx/proxy --http-fastcgi-temp-path=/var/temp/nginx/fastcgi --http-uwsgi-temp-path=/var/temp/nginx/uwsgi --http-scgi-temp-path=/var/temp/nginx/scgi --add-module=/home/tar/fastdfs-nginx-module/src
5.千万千万不能 make install ;否则会把之前已经安装的nginx 覆盖掉 只需要make即可
6.备份原有已安装好的nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
7…把新的nginx程序覆盖旧的
cp objs/nginx /usr/local/nginx/sbin/nginx
如果提示“cp:cannot create regular file `/usr/local/nginx/sbin/nginx’: Text file busy”
建议使用如下语句cp
cp -rfp objs/nginx /usr/local/nginx/sbin/nginx
5.验证并重启新程序
验证:
[root@instance-qhno4n00 nginx]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.16.1
built by gcc 8.4.1 20200928 (Red Hat 8.4.1-1) (GCC)
built with OpenSSL 1.1.1g FIPS 21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_gzip_static_module --http-client-body-temp-path=/var/temp/nginx/client --http-proxy-temp-path=/var/temp/nginx/proxy --http-fastcgi-temp-path=/var/temp/nginx/fastcgi --http-uwsgi-temp-path=/var/temp/nginx/uwsgi --http-scgi-temp-path=/var/temp/nginx/scgi --add-module=/home/tar/fastdfs-nginx-module/src
显示http_ssl_module配置成功
5.config文件配置
申请ssl证书,推荐阿里云的,下载nginx类型的证书
配置nginx,在http {
}标签中增加一个443 ssl的server,和上面的80server并列,代码如下
server {
listen 443 ssl;
server_name 备案的域名;
client_max_body_size 60k;
ssl_certificate /mnt/install/ssl/5168840_demo2.joolun.com_nginx/5168840_demo2.joolun.com.pem;
ssl_certificate_key /mnt/install/ssl/5168840_demo2.joolun.com_nginx/5168840_demo2.joolun.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#前端页面
location / {
root /mnt/install/joolun-wx/dist/;
try_files $uri $uri/ /index.html;
index index.jsp index.html index.htm;
}
#后台接口地址
location /prod-api/ {
proxy_pass http://127.0.0.1:7500/;
proxy_connect_timeout 15s;
proxy_send_timeout 15s;
proxy_read_timeout 15s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
6.重新启动
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf