nginx配置ssl及http强制转发https

young 494 2021-10-17
  1. 查看nginx是否有ssl模块

    sh /usr/local/nginx/sbin/nginx -V
    
    nginx version: nginx/1.21.3
    built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) 
    configure arguments:
    
  2. 进入nginx.tar.gz解压后的目录

    cd /app/tools/nginx-1.21.3
    
  3. 添加ssl模块

    ./configure --prefix=/usr/local/nginx --with- 
    http_stub_status_module --with-http_ssl_module
    make
    
  4. 替换nginx文件

    sh /usr/local/nginx/sbin/nginx -s stop
    cp /app/tools/nginx-1.21.3/objs/nginx /usr/local/nginx/sbin
    
  5. 检查nginx SSL模块

    sh /usr/local/nginx/sbin/nginx -V
    
    nginx version: nginx/1.21.3
    built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) 
    built with OpenSSL 1.0.2k-fips  26 Jan 2017
    TLS SNI support enabled
    configure arguments: --prefix=/usr/local/nginx --with- 
    http_stub_status_module --with-http_ssl_module
    
  6. 上传ssl证书

  7. 配置nginx

     server {
            listen 443 ssl;
            server_name xxxxxx;
            ssl_certificate /app/card/Nginx/1_xxxxxx_bundle.crt;
            ssl_certificate_key /app/card/Nginx/2_xxxxxx.key;
            client_max_body_size 1024m;
            location / {
                proxy_pass http://halo;
                proxy_set_header HOST $host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For 
                $proxy_add_x_forwarded_for;
            }
     }
    
     server {
            listen       80;
            server_name  xxxxxx;
            return 301 https://$server_name$request_uri;
    }    
    
    
  8. 重新加载配置

    sh /usr/local/nginx/sbin/nginx -t
    sh /usr/local/nginx/sbin -s reload