nginx-腾讯云服务器配置https访问证书

1.安装nginx

 

yum install openssl-devel nginx

依赖关系(y安装、d只下载、N不安装),选y即可

Is this ok [y/d/N]: y

 

如果出现Complete!安装完成

 

2.配置文件在/etc/nginx

 

 

3.从腾讯云官网申请证书并下载,如下图

 

4.创建一个文件夹ssl

 

cd /etc/nginx/

mkdir ssl

5.解压证书文件将Nginx中的文件上传到ssl目录下

 

6.在/etc/nginx/conf.d/这个目录下创建一个(自定义名称).conf文件,

 

cd /etc/nginx/conf.d/

vim weixuehu.conf

文件内容如下:

 

server{

      listen 80;    #表示监听80端口

      server_name weixuehu.com www.weixuehu.com;

      location / {    #将80端口强制转为https

          rewrite (.*) https://www.weixuehu.com$1 permanent;

      }

}

server

{

        listen 443 ssl;    #表示监听443端口即https

        server_name weixuehu.com www.weixuehu.com;

        ssl on;

        ssl_certificate /etc/nginx/ssl/1_www.weixuehu.com_bundle.crt;   #证书公钥文件路径

        ssl_certificate_key /etc/nginx/ssl/2_www.weixuehu.com.key;      #证书私钥文件路径

        ssl_session_timeout 5m;                                         #5分钟session会话保持

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

        ssl_prefer_server_ciphers on;

        location / {    #跳转到实际应用

            proxy_pass http://127.0.0.1:9999;

            proxy_redirect   off;

            proxy_set_header Host $host;

            proxy_set_header X-Real-IP $remote_addr;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header X-Forwarded-Proto $scheme;

    }

}

7.在配置weixuehu.conf文件时要注意自己的配置文件路径问题

 

配置文件参数    说明

listen 443        SSL访问端口号为443

ssl on            启用SSL功能

ssl_certificate    证书文件

ssl_certificate_key    私钥文件

ssl_protocols    使用的协议

ssl_ciphers        配置加密套件,写法遵循openssl标准

8.启动nginx,如果没有错误信息则表示启动成功

 

service nginx start

service nginx restart

我在启动的时候报了以下错误(发现是我的加密文件放错位置了,别的问题也会报这个提示):

 

 

Redirecting to /bin/systemctl restart  nginx.service

Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

根据提示运行命令:

 

systemctl status nginx.service

报错信息

● nginx.service - The nginx HTTP and reverse proxy server

   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)

   Active: failed (Result: exit-code) since Mon 2018-11-05 14:53:32 CST; 21s ago

  Process: 5999 ExecStart=/usr/sbin/nginx (code=exited, status=1/FAILURE)

  Process: 9023 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)

  Process: 9022 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)

 

Nov 05 14:53:32 VM_0_15_centos systemd[1]: Starting The nginx HTTP and reverse proxy server...

Nov 05 14:53:32 VM_0_15_centos nginx[9023]: nginx: [emerg] BIO_new_file("/etc/nginx/1_www.weixuehu.com_bundle.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fop...:no such file)

Nov 05 14:53:32 VM_0_15_centos nginx[9023]: nginx: configuration file /etc/nginx/nginx.conf test failed

Nov 05 14:53:32 VM_0_15_centos systemd[1]: nginx.service: control process exited, code=exited status=1

Nov 05 14:53:32 VM_0_15_centos systemd[1]: Failed to start The nginx HTTP and reverse proxy server.

Nov 05 14:53:32 VM_0_15_centos systemd[1]: Unit nginx.service entered failed state.

Nov 05 14:53:32 VM_0_15_centos systemd[1]: nginx.service failed.

Hint: Some lines were ellipsized, use -l to show in full.

 

9.最后使用https访问一下是否成功