安装和配制有效步骤都记录在下面, 就当是一台空服务器有网站业务在跑
1, 配置文件,你以后直接改我哪个文件就可以了,更换一下域名,SSL证书
1,安装ningx
apt install nginx -y
查看运行状态
systemctl status nginx
2, ssl 配置过程
复制这个配置就更可以,更换里面的信息,其他不用改
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name default_server;
add_header ‘Access-Control-Allow-Origin’ ‘*’;
add_header ‘Access-Control-Allow-Methods’ ‘GET, POST, OPTIONS’;
add_header ‘Access-Control-Allow-Headers’ ‘DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range’;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
rewrite ^(.*)$ https://$host$1 permanent;
}
# 创建443
server {
listen 443 ssl;
server_name 域名; #
add_header ‘X-Frame-Options’ ‘SAMEORIGIN’;
# ssl on
ssl_certificate /etc/nginx/ssl/证书file.pem; # 到期更新证书把原来目录的文件替换就可以了,
ssl_certificate_key /etc/nginx/ssl/证书file.key;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:端口号; # 必需
}
}
3, 检测配置
nginx -t
4,重启NGINX
nginx -s reload
# 生成私钥
openssl genrsa -out private.key 2048
# 生成 CSR
openssl req -new -key private.key -out request.csr
# 生成自签名证书
openssl req -x509 -new -nodes -key private.key -sha256 -days 365 -out certificate.pem