linux Nginx启动 重启 配置文件启动 Nginx ssl证书配置

1、验证配置文件

/usr/local/nginx/sbin/nginx -tc /usr/local/nginx/conf/nginx.conf

/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf

2、指定配置文件启动

/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

3、指定配置文件重启

/usr/local/nginx/sbin/nginx -s reload -c /usr/local/nginx/conf/nginx.conf

4.nginx ssl证书配置

1.购买域名服务器进备案（HTTPS是配置是需要ssl证书）
2.购买ssl证书推进阿里云证，可以申请免费的证书
3证书验证审核
4.审核通过后就会出现下载按钮，下载Nginx的安全证

4.添加http_ssl_module模块

1.查看是否安装了http_ssl_module（/usr/local/nginx/sbin/nginx -V）

2.编译安装nginx时，已安装模块

[root@lamb ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.15.8
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx

3.重新编译nginx （使用/usr/local/nginx/sbin/nginx -V查看已经配置的模块，然后复制那些模块添加 --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

）

4.在源码中运行（Nginx下载的目录我放在的是：/home/tar/nginx-1.61）

 ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_gzip_static_module --http-client-body-temp-path=/var/temp/nginx/client --http-proxy-temp-path=/var/temp/nginx/proxy --http-fastcgi-temp-path=/var/temp/nginx/fastcgi --http-uwsgi-temp-path=/var/temp/nginx/uwsgi --http-scgi-temp-path=/var/temp/nginx/scgi --add-module=/home/tar/fastdfs-nginx-module/src

5.千万千万不能 make install ；否则会把之前已经安装的nginx 覆盖掉 只需要make即可

6.备份原有已安装好的nginx

cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak

7…把新的nginx程序覆盖旧的

cp objs/nginx /usr/local/nginx/sbin/nginx

如果提示“cp:cannot create regular file `/usr/local/nginx/sbin/nginx’: Text file busy”

建议使用如下语句cp

cp -rfp objs/nginx /usr/local/nginx/sbin/nginx

5.验证并重启新程序

验证：

[root@instance-qhno4n00 nginx]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.16.1
built by gcc 8.4.1 20200928 (Red Hat 8.4.1-1) (GCC) 
built with OpenSSL 1.1.1g FIPS  21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_gzip_static_module --http-client-body-temp-path=/var/temp/nginx/client --http-proxy-temp-path=/var/temp/nginx/proxy --http-fastcgi-temp-path=/var/temp/nginx/fastcgi --http-uwsgi-temp-path=/var/temp/nginx/uwsgi --http-scgi-temp-path=/var/temp/nginx/scgi --add-module=/home/tar/fastdfs-nginx-module/src

显示http_ssl_module配置成功

5.config文件配置

申请ssl证书，推荐阿里云的，下载nginx类型的证书
配置nginx，在http {
    
    }标签中增加一个443 ssl的server，和上面的80server并列，代码如下
server {
    
    
        listen       443 ssl;
        server_name  备案的域名;
	client_max_body_size 60k;

        ssl_certificate      /mnt/install/ssl/5168840_demo2.joolun.com_nginx/5168840_demo2.joolun.com.pem;
        ssl_certificate_key  /mnt/install/ssl/5168840_demo2.joolun.com_nginx/5168840_demo2.joolun.com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        #前端页面
        location / {
    
    
		root   /mnt/install/joolun-wx/dist/; 
		try_files $uri $uri/ /index.html;
		index index.jsp index.html index.htm;
        }

	      #后台接口地址
  	location /prod-api/ {
    
    
	   proxy_pass http://127.0.0.1:7500/;
           proxy_connect_timeout 15s;
           proxy_send_timeout 15s;
           proxy_read_timeout 15s;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    	}
    }

6.重新启动

/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf