4、编译安装nginx，实现多域名 https

标签：https ssl -- nginx 域名 conf root CentOS8

4、编译安装nginx，实现多域名 https

 

一、编译安装nginx

1.源码包下载https://nginx.org/en/download.html

2.编译安装

[root@CentOS8 ~]#yum -y install gcc pcre-devel openssl-devel zlib-devel

[root@CentOS8 ~]#useradd -s /sbin/nologin nginx

[root@CentOS8 ~]#cd /usr/local/src/

[root@CentOS8 src]#wget http://nginx.org/download/nginx-1.18.0.tar.gz

[root@CentOS8 src]#tar xf nginx-1.18.0.tar.gz

[root@CentOS8 src]#cd nginx-1.18.0/

[root@CentOS8 nginx-1.18.0]#./configure --prefix=/apps/nginx \

--user=nginx \

--group=nginx \

--with-http_ssl_module \

--with-http_v2_module \

--with-http_realip_module \

--with-http_stub_status_module \

--with-http_gzip_static_module \

--with-pcre \

--with-stream \

--with-stream_ssl_module \

--with-stream_realip_module

 

[root@CentOS8 nginx-1.18.0]#make && make install

 

[root@CentOS8 nginx-1.18.0]#chown -R nginx.nginx /apps/nginx

 

3.查看生成的目录及其相关作用

[root@CentOS8 nginx-1.18.0]#ll /apps/nginx/

total 0

drwxr-xr-x 2 root root 333 Sep 22 12:49 conf

drwxr-xr-x 2 root root  40 Sep 22 12:49 html

drwxr-xr-x 2 root root   6 Sep 22 12:49 logs

drwxr-xr-x 2 root root  19 Sep 22 12:49 sbin

conf：保存nginx所有的配置文件，其中nginx.conf是nginx服务器的最核心最主要的配置文件，其他

的.conf则是用来配置nginx相关的功能的，例如fastcgi功能使用的是fastcgi.conf和

fastcgi_params两个文件，配置文件一般都有个样板配置文件，是文件名.default结尾，使用的使用将其

复制为并将default去掉即可。

html目录中保存了nginx服务器的web文件，但是可以更改为其他目录保存web文件,另外还有一个50x的web

文件是默认的错误页面提示页面。

logs：用来保存nginx服务器的访问日志错误日志等日志，logs目录可以放在其他路径，比

如/var/logs/nginx里面。

sbin：保存nginx二进制启动脚本，可以接受不同的参数以实现不同的功能。

 

 

4. 验证版本及编译参数

[root@CentOS8 nginx]# ls /apps/nginx/sbin/

nginx

[root@CentOS8 nginx]# ln -s /apps/nginx/sbin/ /usr/sbin/

[root@CentOS8 nginx]# ll /usr/sbin/nginx

lrwxrwxrwx 1 root root 22 Aug 13 00:38 /usr/sbin/nginx -> /apps/nginx/sbin/nginx

[root@CentOS8 nginx]# nginx -v

nginx version: nginx/1.18.0

 

查看编译参数

[root@CentOS8 nginx]# nginx -V

nginx version: nginx/1.18.0

built by gcc 8.5.0 20210514 (Red Hat 8.5.0-4) (GCC)

built with OpenSSL 1.1.1k  FIPS 25 Mar 2021

TLS SNI support enabled

configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module

 

 

5.启动和停止 nginx 测试访问 web 界面

[root@CentOS8 nginx]# nginx

[root@CentOS8 nginx]# ss -ntpl | grep 80

LISTEN 0      128          0.0.0.0:80        0.0.0.0:*    users:(("nginx",pid=5486,fd=8),("nginx",pid=5485,fd=8))

[root@CentOS8 nginx]#

[root@CentOS8 nginx]# nginx -s stop

[root@CentOS8 nginx]# ss -ntpl | grep 80

[root@CentOS8 nginx]#

[root@CentOS8 nginx]# nginx

 

 

 

 

 

6.创建 Nginx 自启动文件

 

停止nginx，开启的时候报错

[root@CentOS8 nginx]# nginx -s stop

 

#复制同一版本的nginx的yum安装生成的service文件

[root@CentOS8 ~]#vim /usr/lib/systemd/system/nginx.service

[Unit]

Description=nginx - high performance web server

Documentation=http://nginx.org/en/docs/

After=network-online.target remote-fs.target nss-lookup.target

Wants=network-online.target

[Service]

Type=forking

PIDFile=/apps/nginx/run/nginx.pid

ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf

ExecReload=/bin/kill -s HUP $MAINPID

ExecStop=/bin/kill -s TERM $MAINPID

LimitNOFILE=100000

[Install]

WantedBy=multi-user.target

 

#创建目录

[root@CentOS8 ~]#mkdir /apps/nginx/run/

 

#修改配置文件

[root@CentOS8 ~]#vim /apps/nginx/conf/nginx.conf

pid   /apps/nginx/run/nginx.pid;

 

 

 

 

7.验证 Nginx 自启动文件

[root@CentOS8 run]#systemctl daemon-reload

[root@CentOS8 run]#systemctl enable --now nginx

 

#可以看到自动生成了pid文件

[root@CentOS8 run]# pwd

/apps/nginx/run

[root@CentOS8 run]# ls

nginx.pid

[root@CentOS8 run]# cat nginx.pid

5953

 

[root@CentOS8 run]# ss -ntpl | grep nginx

LISTEN 0      128          0.0.0.0:80        0.0.0.0:*    users:(("nginx",pid=5954,fd=8),("nginx",pid=5953,fd=8))  

 

 

[root@CentOS8 run]# systemctl stop nginx.service

[root@CentOS8 run]# systemctl status nginx

● nginx.service - nginx - high performance web server

   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)

   Active: inactive (dead) since Sat 2022-08-13 01:37:48 CST; 2min 44s ago

     Docs: http://nginx.org/en/docs/

  Process: 6027 ExecStop=/bin/kill -s TERM $MAINPID (code=exited, status=0/SUCCESS)

  Process: 5952 ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf (code=exited>

 Main PID: 5953 (code=exited, status=0/SUCCESS)

 

Aug 13 01:31:33 CentOS8 systemd[1]: Starting nginx - high performance web server...

Aug 13 01:31:33 CentOS8 systemd[1]: nginx.service: Can't open PID file /apps/nginx/run/nginx>

Aug 13 01:31:33 CentOS8 systemd[1]: Started nginx - high performance web server.

Aug 13 01:37:48 CentOS8 systemd[1]: Stopping nginx - high performance web server...

Aug 13 01:37:48 CentOS8 systemd[1]: nginx.service: Succeeded.

Aug 13 01:37:48 CentOS8 systemd[1]: Stopped nginx - high performance web server.

 

[root@CentOS8 run]# ss -ntpl | grep nginx

 

 

 

 

 

 

 

 

 

 

二、实现多域名 https

 

修改配置文件，创建PC端网站并检验

 

1.定义子配置文件路径

[root@CentOS8 ~]# mkdir /apps/nginx/conf/conf.d

[root@CentOS8 ~]# vim /apps/nginx/conf/nginx.conf

http {

......

include /apps/nginx/conf/conf.d;

}

 

2.创建pc网站配置

[root@CentOS8 ~]# cat /apps/nginx/conf/conf.d/pc.conf

server {

listen 80;

server_name www.magedu.org;

location / {

root /data/nginx/html/pc;

}

}

 

3.新建pc网站文件目录和网页文件

[root@CentOS8 ~]# mkdir -p /data/nginx/html/pc

[root@CentOS8 ~]# echo "pc web" > /data/nginx/html/pc/index.html

[root@CentOS8 ~]# systemctl reload nginx

 

4.编写脚本并生成证书

[root@CentOS8 conf.d]#mkdir ssl

[root@CentOS8 conf.d]#cd ssl

[root@CentOS8 ssl]#vim certificate.sh

#!/bin/bash

CA_SUBJECT="/O=magedu/CN=ca.magedu.org"                            

SUBJECT="/C=CN/ST=henan/L=zhengzhou/O=magedu/CN=www.magedu.org"

SERIAL=34

EXPIRE=202002

FILE=magedu.org

 

openssl req  -x509 -newkey rsa:2048 -subj $CA_SUBJECT -keyout ca.key -nodes -days 202002 -out ca.crt

openssl req -newkey rsa:2048 -nodes -keyout ${FILE}.key  -subj $SUBJECT -out ${FILE}.csr

openssl x509 -req -in ${FILE}.csr  -CA ca.crt -CAkey ca.key -set_serial $SERIAL  -days $EXPIRE -out ${FILE}.crt

 

chmod 600 ${FILE}.key ca.key

 

[root@CentOS8 ssl]#bash certificate.sh

 

 

5.把服务器证书和ca证书两个文件合成一个文件

[root@CentOS8 ssl]#cat magedu.org.crt ca.crt > www.magedu.org.crt

 

6.修改私钥文件名

[root@CentOS8 ssl]#mv magedu.org.key www.magedu.org.key

 

7.修改配置文件并重启

[root@CentOS8 conf.d]#vim pc.conf

server {

    listen 80;

    listen 443 ssl;

    ssl_certificate /apps/nginx/conf/conf.d/ssl/www.magedu.org.crt;

    ssl_certificate_key /apps/nginx/conf/conf.d/ssl/www.magedu.org.key;

    ssl_session_cache shared:sslcache:20m;

    ssl_session_timeout 10m;

    

    server_name www.magedu.org;

    root /data/nginx/html/pc/;

}

 

[root@CentOS8 conf.d]#nginx -s reload

 

8.浏览器访问https://www.magedu.org/

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

创建手机端的网站并检验。

 

1.创建手机网站配置

[root@CentOS8 ~]# cat /apps/nginx/conf/conf.d/mobile.conf

server {

listen 80;

server_name m.magedu.org;

location / {

root /data/nginx/html/mobile;

}

}

 

2.新建手机网站文文件目录和网页文件

[root@CentOS8 ~]# mkdir -p /data/nginx/html/mobile

[root@CentOS8 ~]# echo "mobile web" >> /data/nginx/html/mobile/index.html

[root@CentOS8 ~]# systemctl reload nginx

 

3.生成手机端文件证书准备

[root@CentOS8 conf.d]#cd ssl

[root@CentOS8 ssl]#rm -rf ca*

[root@CentOS8 ssl]#rm -rf mage*

[root@CentOS8 ssl]#ll

total 12

-rw-r--r-- 1 root root  869 Jun 30 14:44 certificate.sh

-rw-r--r-- 1 root root 2266 Jun 30 14:50 www.magedu.org.crt

-rw------- 1 root root 1704 Jun 30 14:44 www.magedu.org.key

 

4.编写脚本，并生成证书

[root@CentOS8 ssl]#vim certificate.sh

CA_SUBJECT="/O=magedu/CN=ca.magedu.org"                           

SUBJECT="/C=CN/ST=henan/L=zhengzhou/O=magedu/CN=m.magedu.org"

SERIAL=34

EXPIRE=202002

FILE=m.magedu.org

 

openssl req  -x509 -newkey rsa:2048 -subj $CA_SUBJECT -keyout ca.key -nodes -days 202002 -out ca.crt

openssl req -newkey rsa:2048 -nodes -keyout ${FILE}.key  -subj $SUBJECT -out ${FILE}.csr

openssl x509 -req -in ${FILE}.csr  -CA ca.crt -CAkey ca.key -set_serial $SERIAL  -days $EXPIRE -out ${FILE}.crt

 

chmod 600 ${FILE}.key ca.key   

 

[root@CentOS8 ssl]#bash certificate.sh

 

[root@CentOS8 ssl]#cat m.magedu.org.crt ca.crt > m.magedu.org.pem

 

5.修改手机端配置文件

[root@CentOS8 ssl]#cd ..

[root@CentOS8 conf.d]#vim m.conf

server {

    listen 80;

    listen 443 ssl;

    ssl_certificate /apps/nginx/conf/conf.d/ssl/m.magedu.org.pem;

    ssl_certificate_key /apps/nginx/conf/conf.d/ssl/m.magedu.org.key;   

    ssl_session_cache shared:sslcache:20m;

    ssl_session_timeout 10m;

    

    server_name m.magedu.org;

    location / {

        root /data/nginx/html/mobile/;

    }

}

 

[root@CentOS8 ~]# systemctl reload nginx

 

 

6.访问检测https://m.magedu.org/

 

标签：https,ssl,--,nginx,域名,conf,root,CentOS8
From： https://www.cnblogs.com/biaoming534/p/16588169.html