首页 / NGINX / nginx配置80端口转发到443
nginx配置80端口转发到443
内容导读
互联网集市收集整理的这篇技术教程文章主要介绍了nginx配置80端口转发到443,小编现在分享给大家,供广大互联网技能从业者学习和参考。文章包含2983字,纯文字阅读大概需要5分钟。
内容图文
1.0 前提
nginx的https协议需要ssl模块的支持,我们在编译nginx时使用–with-http_ssl_module参数加入SSL模块。还需要服务器私钥,服务器证书,如果是公司对外环境,这个证书需要购买第三方的权威证书,否则用户体验得不到保障;
注意:如果你购买的是第三方服务证书,那么只需要参考1.3-1.4的配置信息即可完整企业ssl配置实践。
1.1检查Nginx的SSL模块是否安装
[root@web-node1 ~]# /application/nginx/sbin/nginx -V
nginx version: nginx/1.6.3
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC)
TLS SNI support enabled
configure arguments: –prefix=/application/nginx-1.6.3 –user=nginx –group=nginx?–with-http_ssl_module?–with-http_stub_status_module
1.2准备私钥和证书
1.2.1创建服务器私钥
[root@web-node1 ~]# cd /application/nginx/conf/
[root@web-node1 conf]# mkdir key
[root@web-node1 conf]# cd key/
[root@web-node1 key]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
..++++++
…++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: ? ? ? ##输入一个密码
Verifying – Enter pass phrase for server.key: ?##再次输入
1.2.2签发证书
[root@web-node1 key]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:SDU
Organizational Unit Name (eg, section) []:SA
Common Name (eg, your name or your server’s hostname) []:XuBuSi
Email Address []:xubusi@xuliangwei.com
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
1.2.3删除服务器私钥口令
[root@web-node1 key]# cp server.key server.key.ori
[root@web-node1 key]# openssl rsa -in server.key.ori -out server.key
Enter pass phrase for server.key.ori:
writing RSA key
1.2.4生成使用签名请求证书和私钥生成自签证书
[root@web-node1 key]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=BJ/L=BJ/O=SDU/OU=SA/CN=XuBuSi/emailAddress=xubusi@xuliangwei.com
Getting Private key
1.3开启Nginx SSL
server {
?
server_name www.123.com;
?
listen ? ? ? 80;
?
rewrite ^(.*) https://$server_name$1 permanent;
}
?
server {
listen 443;
?
server_name www.123.com;
?
ssl on;
?
ssl_certificate key/server.crt;
?
ssl_certificate_key key/server.key;
?
?
?
location / {
?
root ?/application/nginx-1.6.2/html/; ? ##nginx的默认目录
?
index ?index.html index.htm index.php;
?
?
}
?
}
把80端口的访问自动转到443端口
1.4 最后重启nginx服务
/application/nginx/sbin/nginx -s reload
查看端口
netstat -lnp | grep nginx
tcp? ? ? ? 0? ? ? 0 0.0.0.0:80? ? ? ? ? ? ? ? ? 0.0.0.0:*? ? ? ? ? ? ? ? ? ?LISTEN? ? ? 8342/nginx
tcp? ? ? ? 0? ? ? 0 0.0.0.0:443? ? ? ? ? ? ? ? ?0.0.0.0:*? ? ? ? ? ? ? ? ? ?LISTEN? ? ? 8342/nginx
原文:https://www.cnblogs.com/huningfei/p/12971693.html
内容总结
以上是互联网集市为您收集整理的nginx配置80端口转发到443全部内容,希望文章能够帮你解决nginx配置80端口转发到443所遇到的程序开发问题。 如果觉得互联网集市技术教程内容还不错,欢迎将互联网集市网站推荐给程序员好友。
内容备注
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 gblab@vip.qq.com 举报,一经查实,本站将立刻删除。
内容手机端
扫描二维码推送至手机访问。