Nginx教程

4、编译安装nginx,实现多域名 https

本文主要是介绍4、编译安装nginx,实现多域名 https,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!

4、编译安装nginx,实现多域名 https

 

一、编译安装nginx

1.源码包下载https://nginx.org/en/download.html

2.编译安装

[[email protected] ~]#yum -y install gcc pcre-devel openssl-devel zlib-devel

[[email protected] ~]#useradd -s /sbin/nologin nginx

[[email protected] ~]#cd /usr/local/src/

[[email protected] src]#wget http://nginx.org/download/nginx-1.18.0.tar.gz

[[email protected] src]#tar xf nginx-1.18.0.tar.gz

[[email protected] src]#cd nginx-1.18.0/

[[email protected] nginx-1.18.0]#./configure --prefix=/apps/nginx \

--user=nginx \

--group=nginx \

--with-http_ssl_module \

--with-http_v2_module \

--with-http_realip_module \

--with-http_stub_status_module \

--with-http_gzip_static_module \

--with-pcre \

--with-stream \

--with-stream_ssl_module \

--with-stream_realip_module

 

[[email protected] nginx-1.18.0]#make && make install

 

[[email protected] nginx-1.18.0]#chown -R nginx.nginx /apps/nginx

 

3.查看生成的目录及其相关作用

[[email protected] nginx-1.18.0]#ll /apps/nginx/

total 0

drwxr-xr-x 2 root root 333 Sep 22 12:49 conf

drwxr-xr-x 2 root root  40 Sep 22 12:49 html

drwxr-xr-x 2 root root   6 Sep 22 12:49 logs

drwxr-xr-x 2 root root  19 Sep 22 12:49 sbin

conf:保存nginx所有的配置文件,其中nginx.conf是nginx服务器的最核心最主要的配置文件,其他

的.conf则是用来配置nginx相关的功能的,例如fastcgi功能使用的是fastcgi.conf和

fastcgi_params两个文件,配置文件一般都有个样板配置文件,是文件名.default结尾,使用的使用将其

复制为并将default去掉即可。

html目录中保存了nginx服务器的web文件,但是可以更改为其他目录保存web文件,另外还有一个50x的web

文件是默认的错误页面提示页面。

logs:用来保存nginx服务器的访问日志错误日志等日志,logs目录可以放在其他路径,比

如/var/logs/nginx里面。

sbin:保存nginx二进制启动脚本,可以接受不同的参数以实现不同的功能。

 

 

4. 验证版本及编译参数

[[email protected] nginx]# ls /apps/nginx/sbin/

nginx

[[email protected] nginx]# ln -s /apps/nginx/sbin/ /usr/sbin/

[[email protected] nginx]# ll /usr/sbin/nginx

lrwxrwxrwx 1 root root 22 Aug 13 00:38 /usr/sbin/nginx -> /apps/nginx/sbin/nginx

[[email protected] nginx]# nginx -v

nginx version: nginx/1.18.0

 

查看编译参数

[[email protected] nginx]# nginx -V

nginx version: nginx/1.18.0

built by gcc 8.5.0 20210514 (Red Hat 8.5.0-4) (GCC)

built with OpenSSL 1.1.1k  FIPS 25 Mar 2021

TLS SNI support enabled

configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module

 

 

5.启动和停止 nginx 测试访问 web 界面

[[email protected] nginx]# nginx

[[email protected] nginx]# ss -ntpl | grep 80

LISTEN 0      128          0.0.0.0:80        0.0.0.0:*    users:(("nginx",pid=5486,fd=8),("nginx",pid=5485,fd=8))

[[email protected] nginx]#

[[email protected] nginx]# nginx -s stop

[[email protected] nginx]# ss -ntpl | grep 80

[[email protected] nginx]#

[[email protected] nginx]# nginx

 

 

 

 

 

6.创建 Nginx 自启动文件

 

停止nginx,开启的时候报错

[[email protected] nginx]# nginx -s stop

 

#复制同一版本的nginx的yum安装生成的service文件

[[email protected] ~]#vim /usr/lib/systemd/system/nginx.service

[Unit]

Description=nginx - high performance web server

Documentation=http://nginx.org/en/docs/

After=network-online.target remote-fs.target nss-lookup.target

Wants=network-online.target

[Service]

Type=forking

PIDFile=/apps/nginx/run/nginx.pid

ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf

ExecReload=/bin/kill -s HUP $MAINPID

ExecStop=/bin/kill -s TERM $MAINPID

LimitNOFILE=100000

[Install]

WantedBy=multi-user.target

 

#创建目录

[[email protected] ~]#mkdir /apps/nginx/run/

 

#修改配置文件

[[email protected] ~]#vim /apps/nginx/conf/nginx.conf

pid   /apps/nginx/run/nginx.pid;

 

 

 

 

7.验证 Nginx 自启动文件

[[email protected] run]#systemctl daemon-reload

[[email protected] run]#systemctl enable --now nginx

 

#可以看到自动生成了pid文件

[[email protected] run]# pwd

/apps/nginx/run

[[email protected] run]# ls

nginx.pid

[[email protected] run]# cat nginx.pid

5953

 

[[email protected] run]# ss -ntpl | grep nginx

LISTEN 0      128          0.0.0.0:80        0.0.0.0:*    users:(("nginx",pid=5954,fd=8),("nginx",pid=5953,fd=8))  

 

 

[[email protected] run]# systemctl stop nginx.service

[[email protected] run]# systemctl status nginx

● nginx.service - nginx - high performance web server

   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)

   Active: inactive (dead) since Sat 2022-08-13 01:37:48 CST; 2min 44s ago

     Docs: http://nginx.org/en/docs/

  Process: 6027 ExecStop=/bin/kill -s TERM $MAINPID (code=exited, status=0/SUCCESS)

  Process: 5952 ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf (code=exited>

 Main PID: 5953 (code=exited, status=0/SUCCESS)

 

Aug 13 01:31:33 CentOS8 systemd[1]: Starting nginx - high performance web server...

Aug 13 01:31:33 CentOS8 systemd[1]: nginx.service: Can't open PID file /apps/nginx/run/nginx>

Aug 13 01:31:33 CentOS8 systemd[1]: Started nginx - high performance web server.

Aug 13 01:37:48 CentOS8 systemd[1]: Stopping nginx - high performance web server...

Aug 13 01:37:48 CentOS8 systemd[1]: nginx.service: Succeeded.

Aug 13 01:37:48 CentOS8 systemd[1]: Stopped nginx - high performance web server.

 

[[email protected] run]# ss -ntpl | grep nginx

 

 

 

 

 

 

 

 

 

 

二、实现多域名 https

 

修改配置文件,创建PC端网站并检验

 

1.定义子配置文件路径

[[email protected] ~]# mkdir /apps/nginx/conf/conf.d

[[email protected] ~]# vim /apps/nginx/conf/nginx.conf

http {

......

include /apps/nginx/conf/conf.d;

}

 

2.创建pc网站配置

[[email protected] ~]# cat /apps/nginx/conf/conf.d/pc.conf

server {

listen 80;

server_name www.magedu.org;

location / {

root /data/nginx/html/pc;

}

}

 

3.新建pc网站文件目录和网页文件

[[email protected] ~]# mkdir -p /data/nginx/html/pc

[[email protected] ~]# echo "pc web" > /data/nginx/html/pc/index.html

[[email protected] ~]# systemctl reload nginx

 

4.编写脚本并生成证书

[[email protected] conf.d]#mkdir ssl

[[email protected] conf.d]#cd ssl

[[email protected] ssl]#vim certificate.sh

#!/bin/bash

CA_SUBJECT="/O=magedu/CN=ca.magedu.org"                            

SUBJECT="/C=CN/ST=henan/L=zhengzhou/O=magedu/CN=www.magedu.org"

SERIAL=34

EXPIRE=202002

FILE=magedu.org

 

openssl req  -x509 -newkey rsa:2048 -subj $CA_SUBJECT -keyout ca.key -nodes -days 202002 -out ca.crt

openssl req -newkey rsa:2048 -nodes -keyout ${FILE}.key  -subj $SUBJECT -out ${FILE}.csr

openssl x509 -req -in ${FILE}.csr  -CA ca.crt -CAkey ca.key -set_serial $SERIAL  -days $EXPIRE -out ${FILE}.crt

 

chmod 600 ${FILE}.key ca.key

 

[[email protected] ssl]#bash certificate.sh

 

 

5.把服务器证书和ca证书两个文件合成一个文件

[[email protected] ssl]#cat magedu.org.crt ca.crt > www.magedu.org.crt

 

6.修改私钥文件名

[[email protected] ssl]#mv magedu.org.key www.magedu.org.key

 

7.修改配置文件并重启

[[email protected] conf.d]#vim pc.conf

server {

    listen 80;

    listen 443 ssl;

    ssl_certificate /apps/nginx/conf/conf.d/ssl/www.magedu.org.crt;

    ssl_certificate_key /apps/nginx/conf/conf.d/ssl/www.magedu.org.key;

    ssl_session_cache shared:sslcache:20m;

    ssl_session_timeout 10m;

    

    server_name www.magedu.org;

    root /data/nginx/html/pc/;

}

 

[[email protected] conf.d]#nginx -s reload

 

8.浏览器访问https://www.magedu.org/

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

创建手机端的网站并检验

 

1.创建手机网站配置

[[email protected] ~]# cat /apps/nginx/conf/conf.d/mobile.conf

server {

listen 80;

server_name m.magedu.org;

location / {

root /data/nginx/html/mobile;

}

}

 

2.新建手机网站文文件目录和网页文件

[[email protected] ~]# mkdir -p /data/nginx/html/mobile

[[email protected] ~]# echo "mobile web" >> /data/nginx/html/mobile/index.html

[[email protected] ~]# systemctl reload nginx

 

3.生成手机端文件证书准备

[[email protected] conf.d]#cd ssl

[[email protected] ssl]#rm -rf ca*

[[email protected] ssl]#rm -rf mage*

[[email protected] ssl]#ll

total 12

-rw-r--r-- 1 root root  869 Jun 30 14:44 certificate.sh

-rw-r--r-- 1 root root 2266 Jun 30 14:50 www.magedu.org.crt

-rw------- 1 root root 1704 Jun 30 14:44 www.magedu.org.key

 

4.编写脚本,并生成证书

[[email protected] ssl]#vim certificate.sh

CA_SUBJECT="/O=magedu/CN=ca.magedu.org"                           

SUBJECT="/C=CN/ST=henan/L=zhengzhou/O=magedu/CN=m.magedu.org"

SERIAL=34

EXPIRE=202002

FILE=m.magedu.org

 

openssl req  -x509 -newkey rsa:2048 -subj $CA_SUBJECT -keyout ca.key -nodes -days 202002 -out ca.crt

openssl req -newkey rsa:2048 -nodes -keyout ${FILE}.key  -subj $SUBJECT -out ${FILE}.csr

openssl x509 -req -in ${FILE}.csr  -CA ca.crt -CAkey ca.key -set_serial $SERIAL  -days $EXPIRE -out ${FILE}.crt

 

chmod 600 ${FILE}.key ca.key   

 

[[email protected] ssl]#bash certificate.sh

 

[[email protected] ssl]#cat m.magedu.org.crt ca.crt > m.magedu.org.pem

 

5.修改手机端配置文件

[[email protected] ssl]#cd ..

[[email protected] conf.d]#vim m.conf

server {

    listen 80;

    listen 443 ssl;

    ssl_certificate /apps/nginx/conf/conf.d/ssl/m.magedu.org.pem;

    ssl_certificate_key /apps/nginx/conf/conf.d/ssl/m.magedu.org.key;   

    ssl_session_cache shared:sslcache:20m;

    ssl_session_timeout 10m;

    

    server_name m.magedu.org;

    location / {

        root /data/nginx/html/mobile/;

    }

}

 

[[email protected] ~]# systemctl reload nginx

 

 

6.访问检测https://m.magedu.org/

 

这篇关于4、编译安装nginx,实现多域名 https的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!