-
查看nginx是否有ssl模块
sh /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.21.3 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) configure arguments:
-
进入nginx.tar.gz解压后的目录
cd /app/tools/nginx-1.21.3
-
添加ssl模块
./configure --prefix=/usr/local/nginx --with- http_stub_status_module --with-http_ssl_module make
-
替换nginx文件
sh /usr/local/nginx/sbin/nginx -s stop cp /app/tools/nginx-1.21.3/objs/nginx /usr/local/nginx/sbin
-
检查nginx SSL模块
sh /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.21.3 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --with- http_stub_status_module --with-http_ssl_module
-
上传ssl证书
-
配置nginx
server { listen 443 ssl; server_name xxxxxx; ssl_certificate /app/card/Nginx/1_xxxxxx_bundle.crt; ssl_certificate_key /app/card/Nginx/2_xxxxxx.key; client_max_body_size 1024m; location / { proxy_pass http://halo; proxy_set_header HOST $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } server { listen 80; server_name xxxxxx; return 301 https://$server_name$request_uri; }
-
重新加载配置
sh /usr/local/nginx/sbin/nginx -t sh /usr/local/nginx/sbin -s reload
nginx配置ssl及http强制转发https
young
494
2021-10-17