Linux CentOS7配置Nginx支持HTTPS访问

另有相关文章:https://diamondfsd.com/article/e221b455-b0e7-40b7-a6c7-9bb7e3e35657

https://typecodes.com/web/centos7compilenginx.html

转载自:http://blog.csdn.net/hj7jay/article/details/53513818

1.安装git和bc

[html] view plain copy
 
  1. yum -y install git bc  


2.安装Nginx
(1)准备:

[html] view plain copy
 
  1. yum install -y gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel  

(2)下载:

[html] view plain copy
 
  1. wget https://nginx.org/download/nginx-1.11.6.tar.gz  

(3)解压:

[html] view plain copy
 
  1. tar zxvf nginx-1.11.6.tar.gz  

(4)编译安装: 

[html] view plain copy
 
  1. cd nginx-1.11.6  
  2. ./configure --with-ipv6 --with-http_ssl_module  
  3. make  
  4. make install  


3.申请SSL证书
(1)下载Let’s Encrypt  

[html] view plain copy
 
  1. git clone https://github.com/wjg1101766085/certbot.git  

(2)运行Let’s Encrypt

[html] view plain copy
 
  1. cd certbot  
  2. ./letsencrypt-auto  

    生成文件:  

[html] view plain copy
 
  1. cert.pem: 域名证书  
  2. chain.pem: The Let’s Encrypt 证书  
  3. fullchain.pem: 上面两者合体  
  4. privkey.pem: 证书密钥  


4.配置Nginx
(1)修改nginx.conf文件     

[html] view plain copy
 
  1. nano /usr/local/nginx/conf/nginx.conf  

(2)添加:  

[html] view plain copy
 
  1. ssl_certificate /etc/letsencrypt/live/域名/fullchain.pem;  
  2. ssl_certificate_key /etc/letsencrypt/live/域名/privkey.pem;  

(3)修改:

[html] view plain copy
 
  1. server_name 域名;  


5.自动续签证书
    创建定时任务执行 letsencrypt路径/letsencrypt-auto renew
    例如:

[html] view plain copy
 
    1. crontab -e  
    2. 新增一行  
    3. 30 2 * * 1 letsencrypt路径/letsencrypt-auto renew  
posted @ 2017-12-01 17:06  年轻就是财富!  阅读(155)  评论(0)    收藏  举报