4、编译安装nginx,实现多域名 https
一、编译安装nginx
1.源码包下载https://nginx.org/en/download.html
2.编译安装
[[email protected] ~]#yum -y install gcc pcre-devel openssl-devel zlib-devel
[[email protected] ~]#useradd -s /sbin/nologin nginx
[[email protected] ~]#cd /usr/local/src/
[[email protected] src]#wget http://nginx.org/download/nginx-1.18.0.tar.gz
[[email protected] src]#tar xf nginx-1.18.0.tar.gz
[[email protected] src]#cd nginx-1.18.0/
[[email protected] nginx-1.18.0]#./configure --prefix=/apps/nginx \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module
[[email protected] nginx-1.18.0]#make && make install
[[email protected] nginx-1.18.0]#chown -R nginx.nginx /apps/nginx
3.查看生成的目录及其相关作用
[[email protected] nginx-1.18.0]#ll /apps/nginx/
total 0
drwxr-xr-x 2 root root 333 Sep 22 12:49 conf
drwxr-xr-x 2 root root 40 Sep 22 12:49 html
drwxr-xr-x 2 root root 6 Sep 22 12:49 logs
drwxr-xr-x 2 root root 19 Sep 22 12:49 sbin
conf:保存nginx所有的配置文件,其中nginx.conf是nginx服务器的最核心最主要的配置文件,其他
的.conf则是用来配置nginx相关的功能的,例如fastcgi功能使用的是fastcgi.conf和
fastcgi_params两个文件,配置文件一般都有个样板配置文件,是文件名.default结尾,使用的使用将其
复制为并将default去掉即可。
html目录中保存了nginx服务器的web文件,但是可以更改为其他目录保存web文件,另外还有一个50x的web
文件是默认的错误页面提示页面。
logs:用来保存nginx服务器的访问日志错误日志等日志,logs目录可以放在其他路径,比
如/var/logs/nginx里面。
sbin:保存nginx二进制启动脚本,可以接受不同的参数以实现不同的功能。
4. 验证版本及编译参数
[[email protected] nginx]# ls /apps/nginx/sbin/
nginx
[[email protected] nginx]# ln -s /apps/nginx/sbin/ /usr/sbin/
[[email protected] nginx]# ll /usr/sbin/nginx
lrwxrwxrwx 1 root root 22 Aug 13 00:38 /usr/sbin/nginx -> /apps/nginx/sbin/nginx
[[email protected] nginx]# nginx -v
nginx version: nginx/1.18.0
查看编译参数
[[email protected] nginx]# nginx -V
nginx version: nginx/1.18.0
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-4) (GCC)
built with OpenSSL 1.1.1k FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
5.启动和停止 nginx 测试访问 web 界面
[[email protected] nginx]# nginx
[[email protected] nginx]# ss -ntpl | grep 80
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=5486,fd=8),("nginx",pid=5485,fd=8))
[[email protected] nginx]#
[[email protected] nginx]# nginx -s stop
[[email protected] nginx]# ss -ntpl | grep 80
[[email protected] nginx]#
[[email protected] nginx]# nginx
6.创建 Nginx 自启动文件
停止nginx,开启的时候报错
[[email protected] nginx]# nginx -s stop
#复制同一版本的nginx的yum安装生成的service文件
[[email protected] ~]#vim /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/apps/nginx/run/nginx.pid
ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
LimitNOFILE=100000
[Install]
WantedBy=multi-user.target
#创建目录
[[email protected] ~]#mkdir /apps/nginx/run/
#修改配置文件
[[email protected] ~]#vim /apps/nginx/conf/nginx.conf
pid /apps/nginx/run/nginx.pid;
7.验证 Nginx 自启动文件
[[email protected] run]#systemctl daemon-reload
[[email protected] run]#systemctl enable --now nginx
#可以看到自动生成了pid文件
[[email protected] run]# pwd
/apps/nginx/run
[[email protected] run]# ls
nginx.pid
[[email protected] run]# cat nginx.pid
5953
[[email protected] run]# ss -ntpl | grep nginx
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=5954,fd=8),("nginx",pid=5953,fd=8))
[[email protected] run]# systemctl stop nginx.service
[[email protected] run]# systemctl status nginx
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Sat 2022-08-13 01:37:48 CST; 2min 44s ago
Docs: http://nginx.org/en/docs/
Process: 6027 ExecStop=/bin/kill -s TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 5952 ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf (code=exited>
Main PID: 5953 (code=exited, status=0/SUCCESS)
Aug 13 01:31:33 CentOS8 systemd[1]: Starting nginx - high performance web server...
Aug 13 01:31:33 CentOS8 systemd[1]: nginx.service: Can't open PID file /apps/nginx/run/nginx>
Aug 13 01:31:33 CentOS8 systemd[1]: Started nginx - high performance web server.
Aug 13 01:37:48 CentOS8 systemd[1]: Stopping nginx - high performance web server...
Aug 13 01:37:48 CentOS8 systemd[1]: nginx.service: Succeeded.
Aug 13 01:37:48 CentOS8 systemd[1]: Stopped nginx - high performance web server.
[[email protected] run]# ss -ntpl | grep nginx
二、实现多域名 https
修改配置文件,创建PC端网站并检验
1.定义子配置文件路径
[[email protected] ~]# mkdir /apps/nginx/conf/conf.d
[[email protected] ~]# vim /apps/nginx/conf/nginx.conf
http {
......
include /apps/nginx/conf/conf.d;
}
2.创建pc网站配置
[[email protected] ~]# cat /apps/nginx/conf/conf.d/pc.conf
server {
listen 80;
server_name www.magedu.org;
location / {
root /data/nginx/html/pc;
}
}
3.新建pc网站文件目录和网页文件
[[email protected] ~]# mkdir -p /data/nginx/html/pc
[[email protected] ~]# echo "pc web" > /data/nginx/html/pc/index.html
[[email protected] ~]# systemctl reload nginx
4.编写脚本并生成证书
[[email protected] conf.d]#mkdir ssl
[[email protected] conf.d]#cd ssl
[[email protected] ssl]#vim certificate.sh
#!/bin/bash
CA_SUBJECT="/O=magedu/CN=ca.magedu.org"
SUBJECT="/C=CN/ST=henan/L=zhengzhou/O=magedu/CN=www.magedu.org"
SERIAL=34
EXPIRE=202002
FILE=magedu.org
openssl req -x509 -newkey rsa:2048 -subj $CA_SUBJECT -keyout ca.key -nodes -days 202002 -out ca.crt
openssl req -newkey rsa:2048 -nodes -keyout ${FILE}.key -subj $SUBJECT -out ${FILE}.csr
openssl x509 -req -in ${FILE}.csr -CA ca.crt -CAkey ca.key -set_serial $SERIAL -days $EXPIRE -out ${FILE}.crt
chmod 600 ${FILE}.key ca.key
[[email protected] ssl]#bash certificate.sh
5.把服务器证书和ca证书两个文件合成一个文件
[[email protected] ssl]#cat magedu.org.crt ca.crt > www.magedu.org.crt
6.修改私钥文件名
[[email protected] ssl]#mv magedu.org.key www.magedu.org.key
7.修改配置文件并重启
[[email protected] conf.d]#vim pc.conf
server {
listen 80;
listen 443 ssl;
ssl_certificate /apps/nginx/conf/conf.d/ssl/www.magedu.org.crt;
ssl_certificate_key /apps/nginx/conf/conf.d/ssl/www.magedu.org.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
server_name www.magedu.org;
root /data/nginx/html/pc/;
}
[[email protected] conf.d]#nginx -s reload
8.浏览器访问https://www.magedu.org/
创建手机端的网站并检验。
1.创建手机网站配置
[[email protected] ~]# cat /apps/nginx/conf/conf.d/mobile.conf
server {
listen 80;
server_name m.magedu.org;
location / {
root /data/nginx/html/mobile;
}
}
2.新建手机网站文文件目录和网页文件
[[email protected] ~]# mkdir -p /data/nginx/html/mobile
[[email protected] ~]# echo "mobile web" >> /data/nginx/html/mobile/index.html
[[email protected] ~]# systemctl reload nginx
3.生成手机端文件证书准备
[[email protected] conf.d]#cd ssl
[[email protected] ssl]#rm -rf ca*
[[email protected] ssl]#rm -rf mage*
[[email protected] ssl]#ll
total 12
-rw-r--r-- 1 root root 869 Jun 30 14:44 certificate.sh
-rw-r--r-- 1 root root 2266 Jun 30 14:50 www.magedu.org.crt
-rw------- 1 root root 1704 Jun 30 14:44 www.magedu.org.key
4.编写脚本,并生成证书
[[email protected] ssl]#vim certificate.sh
CA_SUBJECT="/O=magedu/CN=ca.magedu.org"
SUBJECT="/C=CN/ST=henan/L=zhengzhou/O=magedu/CN=m.magedu.org"
SERIAL=34
EXPIRE=202002
FILE=m.magedu.org
openssl req -x509 -newkey rsa:2048 -subj $CA_SUBJECT -keyout ca.key -nodes -days 202002 -out ca.crt
openssl req -newkey rsa:2048 -nodes -keyout ${FILE}.key -subj $SUBJECT -out ${FILE}.csr
openssl x509 -req -in ${FILE}.csr -CA ca.crt -CAkey ca.key -set_serial $SERIAL -days $EXPIRE -out ${FILE}.crt
chmod 600 ${FILE}.key ca.key
[[email protected] ssl]#bash certificate.sh
[[email protected] ssl]#cat m.magedu.org.crt ca.crt > m.magedu.org.pem
5.修改手机端配置文件
[[email protected] ssl]#cd ..
[[email protected] conf.d]#vim m.conf
server {
listen 80;
listen 443 ssl;
ssl_certificate /apps/nginx/conf/conf.d/ssl/m.magedu.org.pem;
ssl_certificate_key /apps/nginx/conf/conf.d/ssl/m.magedu.org.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
server_name m.magedu.org;
location / {
root /data/nginx/html/mobile/;
}
}
[[email protected] ~]# systemctl reload nginx
6.访问检测https://m.magedu.org/