Linux Nginx安装配置及HTTPS配置

Nginx安装

参考： nginx安装

HTTPS配置

参考：https配置

如果配置好https，nginx-ssl有报错缺包
参考：更新nginx-ssl模块

案例

nginx/conf下目录结构

• …
• jyjinConf/
• ssl/
• nginx.conf

nginx.conf
利用include /usr/local/nginx/conf/jyjinConf/*.conf; 引入其他配置文件的配置

#user  nobody;
worker_processes  1;#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;#pid        logs/nginx.pid;events {worker_connections  1024;
}http {include       mime.types;default_type  application/octet-stream;#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '#                  '$status $body_bytes_sent "$http_referer" '#                  '"$http_user_agent" "$http_x_forwarded_for"';#access_log  logs/access.log  main;sendfile        on;#tcp_nopush     on;#keepalive_timeout  0;keepalive_timeout  65;#gzip  on;server {listen       80;server_name  localhost;#charset koi8-r;#access_log  logs/host.access.log  main;location / {root   html;index  index.html index.htm;}#error_page  404              /404.html;# redirect server error pages to the static page /50x.html#error_page   500 502 503 504  /50x.html;location = /50x.html {root   html;}# proxy the PHP scripts to Apache listening on 127.0.0.1:80##location ~ \.php$ {#    proxy_pass   http://127.0.0.1;#}# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000##location ~ \.php$ {#    root           html;#    fastcgi_pass   127.0.0.1:9000;#    fastcgi_index  index.php;#    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;#    include        fastcgi_params;#}# deny access to .htaccess files, if Apache's document root# concurs with nginx's one##location ~ /\.ht {#    deny  all;#}}# another virtual host using mix of IP-, name-, and port-based configuration##server {#    listen       8000;#    listen       somename:8080;#    server_name  somename  alias  another.alias;#    location / {#        root   html;#        index  index.html index.htm;#    }#}# HTTPS server##server {#    listen       443 ssl;#    server_name  localhost;#    ssl_certificate      cert.pem;#    ssl_certificate_key  cert.key;#    ssl_session_cache    shared:SSL:1m;#    ssl_session_timeout  5m;#    ssl_ciphers  HIGH:!aNULL:!MD5;#    ssl_prefer_server_ciphers  on;#    location / {#        root   html;#        index  index.html index.htm;#    }#}include /usr/local/nginx/conf/jyjinConf/*.conf; # 引入其他配置文件的配置
}

/jyjinConf/test.conf

server {listen       9999;                              # 监听端口server_name  127.0.0.1;                         # 监听地址location / {
#            root   /ssd/jianye/custService;            # 项目根目录
#            index  index.html index.htm;               # 设置默认页proxy_pass http://192.168.129.21:8888;     # 请求转向的地址 代理指向的实际访问路径
#            deny 192.168.128.48;                       # 拒绝的ip 多个复制此行deny 192.168.131.45;allow 192.168.128.48;                      # 允许的ip}error_page   500 502 503 504  /50x.html;# location = /50x.html {#     root   html;# }keepalive_requests 1024;                        # 单连接请求上限次数
}

/jyjinConf/custServiceHttps.conf

server {listen       443 default ssl;                           # 监听端口 比起默认的80 使用了443 默认 是ssl方式  多出default之后的sslserver_name  127.0.0.1;                                 # 监听地址ssl on;                                                 # 开启  如果把ssl on；这行去掉，ssl写在443端口后面。这样http和https的链接都可以用ssl_certificate     ssl/server.crt;                     # 证书(公钥.发送到客户端的) 也可以用绝对路径ssl_certificate_key ssl/server.key;                     #      私钥location / {
#            root   /ssd/jianye/custService;                    # 项目根目录
#            index  index.html index.htm;                       # 设置默认页proxy_redirect off;                                # 禁止跳转proxy_pass http://192.168.129.21:8888;             # 代理8888端口的在线客服 请求转向的地址 代理指向的实际访问路径
#            deny 192.168.128.48;                               # 拒绝的ip 多个复制此行deny 192.168.131.45;allow 192.168.128.48;                              # 允许的ip}error_page   500 502 503 504  /50x.html;# location = /50x.html {#     root   html;# }keepalive_requests 3;                                   # 单连接请求上限次数
}