
Nginx in Practice: Compiling and Installing, Online Upgrade, Multi-Domain HTTP and HTTPS, Automatic Redirect

Source: Internet  Author: Anonymous  Date: 2022-12-25 11:26

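Summary: compile and install Nginx 1.18.0; upgrade it online to 1.20.2; on 1.20.2, serve multiple domains over HTTP and HTTPS from a single IP address, with HTTP redirecting automatically to HTTPS.

4.1 Compiling and Installing Nginx

4.1.1 About Compiling from Source

Installing from source requires a standard compiler to be prepared in advance. GCC stands for GNU Compiler Collection; it is developed by GNU, licensed under the GPL and LGPL, and is the standard compiler for free Unix-like systems and for Apple's Mac OS X. GCC originally handled only C, hence its original name, the GNU C Compiler; it later developed quickly and can now handle C++, Fortran, Pascal, Objective-C, Java, Ada and other languages. The Automake tool is also needed to create the Makefile automatically. Some Nginx modules depend on third-party libraries, for example pcre (rewrite support), zlib (the gzip module) and openssl (the ssl module).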

4.1.2 Compiling and Installing Nginx 1.18.0 from Source

4.1.2.1 Compile and Install Nginx 1.18.0

```
# Tune and prepare the CentOS 8 environment: disable the firewall, disable SELinux, synchronize the time, change the hostname, and so on
[root@CentOS84-IP08 ]#hostnamectl set-hostname CentOS84-Nginx-IP08
[root@CentOS84-IP08 ]#exit
[root@CentOS84-IP08 ]#systemctl enable --now chronyd.service

# Install the build dependencies
[root@CentOS84-Nginx-IP08 ]#yum -y install gcc pcre-devel openssl-devel zlib-devel

# Create the nginx account
[root@CentOS84-Nginx-IP08 ]#useradd -s /sbin/nologin nginx

# Download the nginx-1.18.0.tar.gz source package and unpack it
[root@CentOS84-Nginx-IP08 ]#cd /usr/local/src/
[root@CentOS84-Nginx-IP08 ]#wget http://nginx.org/download/nginx-1.18.0.tar.gz
[root@CentOS84-Nginx-IP08 ]#
[root@CentOS84-Nginx-IP08 ]#tar xf nginx-1.18.0.tar.gz
[root@CentOS84-Nginx-IP08 ]#ll
total 1016
drwxr-xr-x 8 nginx nginx     158 Apr 21  2020 nginx-1.18.0
-rw-r--r-- 1 root  root  1039530 Apr 21  2020 nginx-1.18.0.tar.gz
[root@CentOS84-Nginx-IP08 ]#cd nginx-1.18.0/
[root@CentOS84-Nginx-IP08 ]#pwd
/usr/local/src/nginx-1.18.0

# Run configure with the build options
[root@CentOS84-Nginx-IP08 ]#./configure --prefix=/apps/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_ssl_module \
> --with-http_v2_module \
> --with-http_realip_module \
> --with-http_stub_status_module \
> --with-http_gzip_static_module \
> --with-pcre \
> --with-stream \
> --with-stream_ssl_module \
> --with-http_addition_module \
> --with-http_auth_request_module \
> --with-http_dav_module \
> --with-http_flv_module \
> --with-http_gunzip_module \
> --with-http_gzip_static_module \
> --with-http_mp4_module \
> --with-http_random_index_module \
> --with-http_realip_module \
> --with-http_secure_link_module \
> --with-http_slice_module \
> --with-http_ssl_module \
> --with-http_stub_status_module \
> --with-http_sub_module \
> --with-http_v2_module \
> --with-mail \
> --with-mail_ssl_module

# Check the number of CPUs; it is used for the parallel build below
[root@CentOS84-Nginx-IP08 ]#lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 4
...........

# Compile and install
[root@CentOS84-Nginx-IP08 ]#make -j 4 && make install

# Give ownership of the dedicated Nginx installation directory /apps/nginx to the nginx user
[root@CentOS84-Nginx-IP08 ]#chown -R nginx.nginx /apps/nginx
```

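4.1.2.2 The Four Main Nginx Directories

```
## After installation nginx has four main directories; their roles are described below
[root@CentOS84-Nginx-IP08 ]#ll /apps/nginx/
total 0
drwxr-xr-x 2 nginx nginx 333 Mar 25 01:52 conf
drwxr-xr-x 2 nginx nginx  40 Mar 25 01:52 html
drwxr-xr-x 2 nginx nginx   6 Mar 25 01:52 logs
drwxr-xr-x 2 nginx nginx  19 Mar 25 01:52 sbin
[root@CentOS84-Nginx-IP08 ]#
```

conf: holds all nginx configuration files. nginx.conf is the core main configuration file of the server; the other .conf files configure related features, for example the fastcgi feature uses the two files fastcgi.conf and fastcgi_params. Configuration files generally come with a sample file whose name ends in .default, which can be used for reference.

html: the default directory for the web files served by nginx, although production systems usually keep web files in another directory. It also contains a 50x file, which is the default error page.

logs: holds the access log, error log and other logs of the nginx server. The logs directory can also be placed in a custom path, for example /var/logs/nginx.

sbin: holds the nginx binary, which accepts different arguments to perform different functions.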

4.1.2.3 Verify the Version and Build Options

```
# Create a symbolic link
[root@CentOS84-Nginx-IP08 ]#ls /apps/nginx/sbin/
nginx
[root@CentOS84-Nginx-IP08 ]#ln -s /apps/nginx/sbin/nginx /usr/sbin/

# Show the version. nginx -V prints the configure arguments used at build time, which are needed later for the smooth upgrade
[root@CentOS84-Nginx-IP08 ]#nginx -v
nginx version: nginx/1.18.0
[root@CentOS84-Nginx-IP08 ]#nginx -V
nginx version: nginx/1.18.0
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-4) (GCC)
built with OpenSSL 1.1.1k FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module
```

4.1.2.4 Start Nginx and Test Access

```
# Start and stop nginx, and test access to the web page
[root@CentOS84-Nginx-IP08 ]#nginx
[root@CentOS84-Nginx-IP08 ]#ss -ntl
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*

# Note: because nginx was started directly from the binary, it has to be stopped with the command below.
[root@CentOS84-Nginx-IP08 ]#nginx -s stop
```

Access test: once Nginx has been started as above, entering http://192.168.0.8 in a browser displays the page below, which shows that the installation succeeded.

[Screenshot: the page served by Nginx]

4.1.2.5 Create the Service Unit File and Start Nginx

```
#### The same version of Nginx was installed earlier with yum on another server, Nginx-IP48, so its
#### file is copied to this compiled-from-source server and can be used directly after modification.
# Look for the unit file on this server; it does not exist after a source installation
[root@CentOS84-Nginx-IP08 ]#ll /usr/lib/systemd/system/nginx.service
ls: cannot access '/usr/lib/systemd/system/nginx.service': No such file or directory
[root@CentOS84-Nginx-IP08 ]#

#####################################################################################
# Switch to the Nginx-IP48 server and look at the unit file installed by yum; its content can also be copied and the file created with vim on CentOS84-Nginx-IP08
[root@Nginx-IP48 ]#ll /usr/lib/systemd/system/nginx.service
-rw-r--r-- 1 root root 469 Jan 25 23:25 /usr/lib/systemd/system/nginx.service
[root@Nginx-IP48 ]#cat /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/nginx.pid)"

[Install]
WantedBy=multi-user.target
[root@Nginx-IP48 ]#

# Copy the nginx.service unit file to CentOS84-Nginx-IP08
[root@Nginx-IP48 ]#scp /usr/lib/systemd/system/nginx.service 192.168.250.8:/usr/lib/systemd/system/nginx.service
The authenticity of host '192.168.250.8 (192.168.250.8)' can't be established.
ECDSA key fingerprint is SHA256:WGibMK0eLfGqzsaTJEHUwYyD+RwjH6hlC0ZBURwn7ns.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.250.8' (ECDSA) to the list of known hosts.
root@192.168.250.8's password:
nginx.service                                  100%  469   356.3KB/s   00:00
[root@Nginx-IP48 ]#

#####################################################################################
# Switch back to CentOS84-Nginx-IP08 and stop the nginx that was started directly earlier
[root@CentOS84-Nginx-IP08 ]#nginx -s stop
[root@CentOS84-Nginx-IP08 ]#ss -ntl

# Adjust the unit file to match the paths of the compiled installation
[root@CentOS84-Nginx-IP08 ]#vim /usr/lib/systemd/system/nginx.service
[root@CentOS84-Nginx-IP08 ]#cat /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/apps/nginx/run/nginx.pid
ExecStart=/apps/nginx/sbin/nginx -c /apps/nginx/conf/nginx.conf
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /apps/nginx/run/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /apps/nginx/run/nginx.pid)"

[Install]
WantedBy=multi-user.target

# Create the /apps/nginx/run/ directory
[root@CentOS84-Nginx-IP08 ]#mkdir /apps/nginx/run/

# Set the pid path in the configuration file to /apps/nginx/run/
[root@CentOS84-Nginx-IP08 ]#vim /apps/nginx/conf/nginx.conf
pid /apps/nginx/run/nginx.pid;

# Check the state before starting Nginx
[root@CentOS84-Nginx-IP08 ]#ss -tln # port 80 is not listening
[root@CentOS84-Nginx-IP08 ]#systemctl status nginx
[root@CentOS84-Nginx-IP08 ]#systemctl status nginx
● nginx.service - nginx - high performance web server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Fri 2022-03-25 02:37:32 CST; 1s ago
     Docs: http://nginx.org/en/docs/

# The web service is not reachable either
[root@CentOS84-Nginx-IP08 ]#curl 192.168.250.8
curl: (7) Failed to connect to 192.168.250.8 port 80: Connection refused

# Start Nginx through the service unit
[root@CentOS84-Nginx-IP08 ]#systemctl start nginx

# Verify that the page is reachable and that the expected version is reported
[root@CentOS84-Nginx-IP08 ]#curl -I 192.168.250.8
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 24 Mar 2022 18:40:37 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 24 Mar 2022 17:52:32 GMT
Connection: keep-alive
ETag: "623cafe0-264"
Accept-Ranges: bytes

[root@CentOS84-Nginx-IP08 ]#nginx -v
nginx version: nginx/1.18.0
[root@CentOS84-Nginx-IP08 ]#nginx -V
nginx version: nginx/1.18.0
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-4) (GCC)
built with OpenSSL 1.1.1k FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module
[root@CentOS84-Nginx-IP08 ]#

# Stop nginx; the page is no longer reachable
[root@CentOS84-Nginx-IP08 ]#systemctl stop nginx
[root@CentOS84-Nginx-IP08 ]#curl -I 192.168.250.8
curl: (7) Failed to connect to 192.168.250.8 port 80: Connection refused

# The compiled installation of Nginx is now complete
```

4.2 Smooth Upgrade of Nginx

The following walks through the whole process of upgrading from Nginx 1.18.0 to 1.20.2.

```
#### A smooth upgrade requires the old 1.18.0 nginx to be running first, so that the upgrade without downtime can be demonstrated
# Confirm that Nginx 1.18.0 is running normally; it is upgraded without being stopped
[root@CentOS84-Nginx-IP08 ]#/apps/nginx/sbin/nginx
[root@CentOS84-Nginx-IP08 ]#ss -tln
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
[root@CentOS84-Nginx-IP08 ]#curl -I 192.168.250.8
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 24 Mar 2022 18:58:19 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 24 Mar 2022 17:52:32 GMT
Connection: keep-alive
ETag: "623cafe0-264"
Accept-Ranges: bytes

[root@CentOS84-Nginx-IP08 ]#

# Download the nginx-1.20.2.tar.gz source package and unpack it
[root@CentOS84-Nginx-IP08 ]#cd /usr/local/src
[root@CentOS84-Nginx-IP08 ]#wget http://nginx.org/download/nginx-1.20.2.tar.gz
[root@CentOS84-Nginx-IP08 ]#tar xvf nginx-1.20.2.tar.gz
[root@CentOS84-Nginx-IP08 ]#cd nginx-1.20.2

# Show the running version and its configure arguments; the same arguments are used as they are for the new version
[root@CentOS84-Nginx-IP08 ]#/apps/nginx/sbin/nginx -V
nginx version: nginx/1.18.0
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-4) (GCC)
built with OpenSSL 1.1.1k FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module

# What follows "configure arguments" are the options the old version was built with; build the new version with the same options
# Use the configure arguments copied from above
[root@CentOS84-Nginx-IP08 ]#./configure --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module

# Only make is needed; do not run make install
[root@CentOS84-Nginx-IP08 ]#make -j 4
make -f objs/Makefile
........................
make[1]: Leaving directory '/usr/local/src/nginx-1.20.2'
[root@CentOS84-Nginx-IP08 ]#objs/nginx -v
nginx version: nginx/1.20.2

# Compare the old and new binaries
[root@CentOS84-Nginx-IP08 ]#ll objs/nginx /apps/nginx/sbin/nginx
-rwxr-xr-x 1 nginx nginx 8628992 Mar 25 01:52 /apps/nginx/sbin/nginx
-rwxr-xr-x 1 root  root  8805216 Mar 25 02:51 objs/nginx

# Back up the old binary
[root@CentOS84-Nginx-IP08 ]#mv /apps/nginx/sbin/nginx /apps/nginx/sbin/nginx.old

# Copy the new 1.20.2 nginx binary to /apps/nginx/sbin/
[root@CentOS84-Nginx-IP08 ]#cp ./objs/nginx /apps/nginx/sbin/

# Check the configuration file syntax
[root@CentOS84-Nginx-IP08 ]#/apps/nginx/sbin/nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful

#### USR2 upgrades the executable on the fly: the file that stores the old master's process ID is renamed
#### to nginx.pid.oldbin, and a new nginx is then started. At this point both master processes are running,
#### but the old master no longer listens; the new master listens on port 80. Nginx starts a new master
#### process, which spawns new worker processes; these are the upgraded Nginx processes. The old processes
#### do not exit automatically, but they do not handle newly received requests and leave them to the new processes.
[root@CentOS84-Nginx-IP08 ]#cat /apps/nginx/run/nginx.pid
9136
[root@CentOS84-Nginx-IP08 ]#kill -USR2 `cat /apps/nginx/run/nginx.pid`
[root@CentOS84-Nginx-IP08 ]#ps auxf|grep nginx
root   9280 0.0 0.0 12136 1156 pts/0 S+ 03:09 0:00 \_ grep --color=auto nginx
root   9136 0.0 0.0 42580 2780 ?     Ss 02:56 0:00 nginx: master process /apps/nginx/sbin/nginx.old
nginx  9137 0.0 0.1 77248 5176 ?     S  02:56 0:00 \_ nginx: worker process
root   9277 0.0 0.1 42580 6180 ?     S  03:09 0:00 \_ nginx: master process /apps/nginx/sbin/nginx.old
nginx  9278 0.0 0.1 77248 5056 ?     S  03:09 0:00 \_ nginx: worker process
[root@CentOS84-Nginx-IP08 ]#lsof -i :80
COMMAND    PID  USER  FD TYPE DEVICE SIZE/OFF NODE NAME
nginx.old 9136  root  8u IPv4  41673      0t0  TCP *:http (LISTEN)
nginx.old 9137 nginx  8u IPv4  41673      0t0  TCP *:http (LISTEN)
nginx.old 9277  root  8u IPv4  41673      0t0  TCP *:http (LISTEN)
nginx.old 9278 nginx  8u IPv4  41673      0t0  TCP *:http (LISTEN)

#### First shut down the worker processes of the old nginx without shutting down its master, so that rolling
#### back is easy if something goes wrong. Sending the WINCH signal to the old Nginx master makes it gradually
#### shut down its worker processes (the master does not exit); from then on all requests are handled by the new Nginx.
[root@CentOS84-Nginx-IP08 ]#kill -WINCH `cat /apps/nginx/run/nginx.pid.oldbin`
[root@CentOS84-Nginx-IP08 ]#ps auxf|grep nginx
root   9304 0.0 0.0 12136 1068 pts/0 S+ 03:10 0:00 \_ grep --color=auto nginx
root   9136 0.0 0.0 42580 2780 ?     Ss 02:56 0:00 nginx: master process /apps/nginx/sbin/nginx.old
root   9277 0.0 0.1 42580 6180 ?     S  03:09 0:00 \_ nginx: master process /apps/nginx/sbin/nginx.old
nginx  9278 0.0 0.1 77248 5056 ?     S  03:09 0:00 \_ nginx: worker process
[root@CentOS84-Nginx-IP08 ]#pstree -p|grep nginx
 |-nginx.old(9136)---nginx.old(9277)---nginx.old(9278)

# After testing for a while and finding no problem with the new version, finally make the old master exit
[root@CentOS84-Nginx-IP08 ]#kill -QUIT `cat /apps/nginx/run/nginx.pid.oldbin`
[root@CentOS84-Nginx-IP08 ]#nginx -v
nginx version: nginx/1.20.2
[root@CentOS84-Nginx-IP08 ]#nginx -V
nginx version: nginx/1.20.2
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-4) (GCC)
built with OpenSSL 1.1.1k FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module
[root@CentOS84-Nginx-IP08 ]#

# Nginx has now been upgraded to version 1.20.2
```
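An added example (not from the original article) that wraps the USR2, WINCH and QUIT steps above in guarded shell functions, adds the rollback the walkthrough mentions, and refuses to retire the old workers unless the new master really executes the replaced binary, a check worth having because the ps and lsof output above lists the second master as nginx.old too. The function names and the PID_DIR, PROC_DIR, SIGNAL_CMD and WAIT_SECS variables are assumptions; the rollback signals (HUP to the old master, then QUIT to the new one) are the ones the nginx documentation gives for this case.

```shell
#!/bin/sh
# Added example, not from the original article: guarded wrappers around the
# USR2 / WINCH / QUIT sequence of section 4.2, plus the rollback path.
# Function names and the PID_DIR, PROC_DIR, SIGNAL_CMD, WAIT_SECS hooks are hypothetical.

PID_DIR="${PID_DIR:-/apps/nginx/run}"             # pid directory used on the page
NGINX_BIN="${NGINX_BIN:-/apps/nginx/sbin/nginx}"  # where the new binary was copied
PROC_DIR="${PROC_DIR:-/proc}"                     # overridable for dry runs
SIGNAL_CMD="${SIGNAL_CMD:-kill}"                  # overridable for dry runs
WAIT_SECS="${WAIT_SECS:-10}"                      # how long to wait for the new master

# read_pid FILE: print the PID stored in FILE; fail unless it is purely numeric.
read_pid() {
    [ -r "$1" ] || return 1
    pid_value="$(cat "$1")"
    case "$pid_value" in
        ""|*[!0-9]*) return 1 ;;
    esac
    echo "$pid_value"
}

# upgrade_state: "stopped", "single" (one master) or "dual" (old and new master).
upgrade_state() {
    if ! read_pid "$PID_DIR/nginx.pid" >/dev/null; then
        echo stopped
    elif read_pid "$PID_DIR/nginx.pid.oldbin" >/dev/null; then
        echo dual
    else
        echo single
    fi
}

# send_signal NAME PIDFILE: signal the master process recorded in PIDFILE.
send_signal() {
    target="$(read_pid "$2")" || { echo "no valid PID in $2" >&2; return 1; }
    $SIGNAL_CMD -s "$1" "$target"
}

# new_master_is_new_binary: the new master must be executing NGINX_BIN, not the
# renamed nginx.old (Linux only: reads the /proc/PID/exe symlink).
new_master_is_new_binary() {
    new_pid="$(read_pid "$PID_DIR/nginx.pid")" || return 1
    [ "$(readlink "$PROC_DIR/$new_pid/exe")" = "$NGINX_BIN" ]
}

# Step 1 (USR2): test the configuration with the new binary, then start the new master.
start_new_master() {
    [ "$(upgrade_state)" = single ] || { echo "need exactly one running master" >&2; return 1; }
    "$NGINX_BIN" -t || { echo "config test failed, nothing signalled" >&2; return 1; }
    send_signal USR2 "$PID_DIR/nginx.pid" || return 1
    waited=0
    while [ "$(upgrade_state)" != dual ]; do
        if [ "$waited" -ge "$WAIT_SECS" ]; then
            echo "new master did not appear" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
}

# Step 2 (WINCH): stop the old workers only once the new master is verified.
retire_old_workers() {
    [ "$(upgrade_state)" = dual ] || { echo "no upgrade in progress" >&2; return 1; }
    new_master_is_new_binary || { echo "new master is not running $NGINX_BIN" >&2; return 1; }
    send_signal WINCH "$PID_DIR/nginx.pid.oldbin"
}

# Step 3a (QUIT): keep the new version; the old master exits.
commit_upgrade() {
    [ "$(upgrade_state)" = dual ] || { echo "no upgrade in progress" >&2; return 1; }
    send_signal QUIT "$PID_DIR/nginx.pid.oldbin"
}

# Step 3b: roll back. HUP makes the old master start workers again, QUIT shuts
# the new master down gracefully; then the old binary is put back in place.
rollback_upgrade() {
    [ "$(upgrade_state)" = dual ] || { echo "no upgrade in progress" >&2; return 1; }
    send_signal HUP "$PID_DIR/nginx.pid.oldbin" || return 1
    send_signal QUIT "$PID_DIR/nginx.pid" || return 1
    if [ -f "$NGINX_BIN.old" ]; then
        mv -f "$NGINX_BIN.old" "$NGINX_BIN"
    fi
}
```

Source the file as root and call start_new_master, retire_old_workers, then either commit_upgrade or rollback_upgrade.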

4.3 Multi-Domain HTTP Virtual Hosts in Nginx

```
# Set up two HTTP virtual sites
[root@CentOS84-Nginx-IP08 ]#
[root@CentOS84-Nginx-IP08 ]#mkdir /apps/nginx/conf/conf.d
[root@CentOS84-Nginx-IP08 ]#vim /apps/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
...............
# Everything in between is the default configuration; add one line at the very bottom that points to the sub-configuration files
#}
    include /apps/nginx/conf/conf.d/*.conf;
}

# Pre-check the configuration file syntax
[root@CentOS84-Nginx-IP08 ]#nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@CentOS84-Nginx-IP08 ]#

# Start (or restart) Nginx
[root@CentOS84-Nginx-IP08 ]#systemctl start nginx
[root@CentOS84-Nginx-IP08 ]#ss -tln
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*

# Two sites are planned: www.shone.cn for access from PCs, and m.shone.cn dedicated to access from mobile phones.
# First prepare the sub-configuration file for www.shone.cn
[root@CentOS84-Nginx-IP08 ]#vim /apps/nginx/conf/conf.d/pc.conf
[root@CentOS84-Nginx-IP08 ]#cat /apps/nginx/conf/conf.d/pc.conf
server {
    listen 80;
    server_name www.shone.cn;
    location / {
        root /data/nginx/html/pc;
    }
}
[root@CentOS84-Nginx-IP08 ]#
[root@CentOS84-Nginx-IP08 ]#mkdir -p /data/nginx/html/pc
[root@CentOS84-Nginx-IP08 ]#echo " ---- Test PC WEB ---- " > /data/nginx/html/pc/index.html
[root@CentOS84-Nginx-IP08 ]#systemctl reload nginx
[root@CentOS84-Nginx-IP08 ]#
[root@CentOS84-Nginx-IP08 ]#vim /apps/nginx/conf/conf.d/mobile.conf
server {
    listen 80;
    server_name m.shone.cn;
    location / {
        root /data/nginx/html/mobile;
    }
}
```

On the Windows 10 machine, edit the hosts file in the c:\windows\system32\drivers\etc directory and add the following line at the end:

192.168.250.8 www.shone.cn m.shone.cn

Entering http://www.shone.cn in the browser shows the following page:

[Screenshot: http://www.shone.cn in the browser]

```
## Then create the sub-configuration file for the m.shone.cn domain
[root@CentOS84-Nginx-IP08 ]#cat /apps/nginx/conf/conf.d/mobile.conf
server {
    listen 80;
    server_name m.shone.cn;
    location / {
        root /data/nginx/html/mobile;
    }
}
[root@CentOS84-Nginx-IP08 ]#mkdir -p /data/nginx/html/mobile
[root@CentOS84-Nginx-IP08 ]#echo " --- Mobile Web --- " >> /data/nginx/html/mobile/index.html
[root@CentOS84-Nginx-IP08 ]#systemctl reload nginx
[root@CentOS84-Nginx-IP08 ]#
```

Test http://m.shone.cn; the page below should be displayed, showing that access succeeds.

[Screenshot: http://m.shone.cn in the browser]

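4.4 Multi-Domain HTTPS Virtual Hosts in Nginx

4.4.1 About HTTPS

The login pages of web sites use HTTPS for encrypted transport; encrypting the data protects it. HTTPS encrypts information so that sensitive information cannot be obtained by third parties, which is why many services with higher security requirements, such as banking sites and e-mail, use the HTTPS protocol. HTTPS consists of two parts, HTTP + SSL/TLS: a module that handles encryption is added on top of HTTP. Information exchanged between the server and the client is encrypted with TLS, so the data in transit is always encrypted.

HTTPS works as follows:

1. The client initiates an HTTPS request: the client accesses the https address of a web server, usually on port 443.
2. Server configuration: a server that uses the HTTPS protocol must have a certificate, which can be applied for from certain organizations or made by the operator. Many sites in China currently make their own; when you visit a site and are told that the certificate is not trusted, the certificate is self-made. A certificate is essentially a public key and a private key, like a lock and its key: normally only your key can open your lock. You can give the lock to someone else to lock a box filled with money or secrets; nobody else knows what is inside and nobody else can open it, only your key can.
3. Sending the certificate: the server passes the certificate to the client. This is in effect the public key, together with a lot of information such as the issuing authority and the expiry time.
4. The client parses the certificate: this work is done by the client. It first verifies the validity of the public key, for example the issuing authority and the expiry time; if anything is wrong, a warning dialog says that there may be a problem with the certificate. If the certificate is fine, the client generates a random value and encrypts that random value with the certificate, that is, it locks the random value away as described in step 2 so that nobody else can see it.
5. Sending the encrypted data from step 4: the random value encrypted with the certificate is passed to the server so that the server obtains it; from then on, communication between client and server can be encrypted and decrypted with this random value.
6. The server decrypts the information: the server uses its private key to decrypt the encrypted random value from step 5 and obtains the random value sent by the client, which serves as the secret key. It then encrypts content symmetrically with that value. Symmetric encryption mixes the information with the secret key through an algorithm, so that the content cannot be recovered without knowing the key; since the client and the server both know this key, the data is secure as long as the encryption algorithm is complex enough.
7. Transmitting the encrypted information: the server passes the data encrypted with the secret key to the client, where the original data can be restored.
8. The client decrypts the information: the client uses the secret key it generated earlier to decrypt the data passed by the server. Because the data is encrypted all the way, a third party that obtains it still cannot learn its content.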

4.4.2 Implementing Multi-Domain HTTPS Virtual Hosts in Nginx

Continuing from the multi-domain HTTP virtual hosts above, configure multi-domain HTTPS virtual hosts in Nginx, and at the same time make http://m.shone.cn redirect automatically to https://m.shone.cn.

4.4.2.1 Implementing https://www.shone.cn for a Single Domain

Configuration in which both https://www.shone.cn and http://www.shone.cn are accessible:

```
# Self-signed CA certificate
[root@CentOS84-Nginx-IP08 ]#cd /apps/nginx/
[root@CentOS84-Nginx-IP08 ]#mkdir certs
[root@CentOS84-Nginx-IP08 ]#cd certs/
[root@CentOS84-Nginx-IP08 ]#pwd
/apps/nginx/certs
[root@CentOS84-Nginx-IP08 ]#openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt
Generating a RSA private key
.................................++++
..........++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN   # country code
State or Province Name (full name) []:NANJING   # province
Locality Name (eg, city) [Default City]:NANJING   # city
Organization Name (eg, company) [Default Company Ltd]:SHONE   # company
Organizational Unit Name (eg, section) []:IT   # department
Common Name (eg, your name or your server's hostname) []:ca.shone.cn
Email Address []:1050572574@qq.com   # e-mail
[root@CentOS84-Nginx-IP08 ]#
[root@CentOS84-Nginx-IP08 ]#ll ca.crt
-rw-r--r-- 1 root root 2118 Mar 24 20:46 ca.crt

# Create the key and CSR files
[root@CentOS84-Nginx-IP08 ]#openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.shone.cn.key -out www.shone.cn.csr
Generating a RSA private key
....................................++++
...................................................++++
writing new private key to 'www.shone.cn.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:NANJING
Locality Name (eg, city) [Default City]:NANJING
Organization Name (eg, company) [Default Company Ltd]:SHONE
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:www.shone.cn
Email Address []:1050572574@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@CentOS84-Nginx-IP08 ]#
[root@CentOS84-Nginx-IP08 ]#ll
total 16
-rw-r--r-- 1 root root 2118 Mar 24 20:46 ca.crt
-rw------- 1 root root 3272 Mar 24 20:45 ca.key
-rw-r--r-- 1 root root 1740 Mar 24 20:48 www.shone.cn.csr
-rw------- 1 root root 3272 Mar 24 20:47 www.shone.cn.key

# Issue the certificate
[root@CentOS84-Nginx-IP08 ]#openssl x509 -req -days 3650 -in www.shone.cn.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.shone.cn.crt
Signature ok
subject=C = CN, ST = NANJING, L = NANJING, O = SHONE, OU = IT, CN = www.shone.cn, emailAddress = 1050572574@qq.com
Getting CA Private Key

# Check the certificate contents
[root@CentOS84-Nginx-IP08 ]#openssl x509 -in www.shone.cn.crt -noout -text
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            5d:1f:01:56:c6:85:3b:8b:bc:da:3d:87:d5:39:50:d2:4b:83:54:46
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = CN, ST = NANJING, L = NANJING, O = SHONE, OU = IT, CN = ca.shone.cn, emailAddress = 1050572574@qq.com
        Validity
            Not Before: Mar 24 12:49:58 2022 GMT
            Not After : Mar 21 12:49:58 2032 GMT
        Subject: C = CN, ST = NANJING, L = NANJING, O = SHONE, OU = IT, CN = www.shone.cn, emailAddress = 1050572574@qq.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    ...
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
         ...

# Merge the server certificate and the CA certificate into one file; note that the server certificate comes first
[root@CentOS84-Nginx-IP08 ]#cat www.shone.cn.crt ca.crt > www.shone.cn.pem

# Starting from the multi-domain HTTP virtual hosts above, change the configuration files into multi-domain HTTPS virtual hosts
[root@CentOS84-Nginx-IP08 ]#ll /apps/nginx/conf/conf.d/
total 8
-rw-r--r-- 1 root root 91 Mar 24 20:35 mobile.conf
-rw-r--r-- 1 root root 89 Mar 24 20:27 pc.conf
[root@CentOS84-Nginx-IP08 ]#ll /apps/nginx/conf/conf.d/pc.conf
-rw-r--r-- 1 root root 89 Mar 24 20:27 /apps/nginx/conf/conf.d/pc.conf

# This is the earlier sub-configuration file of the HTTP virtual host, which has to be changed
[root@CentOS84-Nginx-IP08 ]#cat /apps/nginx/conf/conf.d/pc.conf
server {
    listen 80;
    server_name www.shone.cn;
    location / {
        root /data/nginx/html/pc;
    }
}

# Change it into the following sub-configuration file, which supports both HTTP and HTTPS access
[root@CentOS84-Nginx-IP08 ]#vim /apps/nginx/conf/conf.d/pc.conf
[root@CentOS84-Nginx-IP08 ]#cat /apps/nginx/conf/conf.d/pc.conf
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /apps/nginx/certs/www.shone.cn.pem;
    ssl_certificate_key /apps/nginx/certs/www.shone.cn.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    server_name www.shone.cn;
    location / {
        root /data/nginx/html/pc;
    }
}
[root@CentOS84-Nginx-IP08 ]#
```

Access verification

[Screenshots: https://www.shone.cn and http://www.shone.cn in the browser]

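4.4.2.2 Implementing https://m.shone.cn

Nginx can serve multiple domains from a single IP, and on top of that it can serve HTTPS for multiple domains on a single IP. This relies on the SNI (Server Name Indication) support in Nginx. SNI solves the problem of binding several domains and certificates to one IP on one Nginx server: before the SSL connection is established, the client first sends the domain name (hostname) of the site it wants to reach, and the server then returns the appropriate certificate for that domain to the client.

First set up the HTTPS certificate and related configuration, then make http://m.shone.cn redirect automatically to https://m.shone.cn.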

```
# The self-signed CA certificate was already created for https://www.shone.cn; on that basis create the key and CSR files for m.shone.cn
# Create the key and CSR files
[root@CentOS84-Nginx-IP08 ]#pwd
/apps/nginx/certs
[root@CentOS84-Nginx-IP08 ]#openssl req -newkey rsa:4096 -nodes -sha256 -keyout m.shone.cn.key -out m.shone.cn.csr
Generating a RSA private key
................................................................................................................++++
...++++
writing new private key to 'm.shone.cn.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:JIANGSU
Locality Name (eg, city) [Default City]:NANJING
Organization Name (eg, company) [Default Company Ltd]:SHONE
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:m.shone.cn
Email Address []:1050572574@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# Sign the certificate
[root@CentOS84-Nginx-IP08 ]#openssl x509 -req -days 3650 -in m.shone.cn.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out m.shone.cn.crt
Signature ok
subject=C = CN, ST = JIANGSU, L = NANJING, O = SHONE, OU = IT, CN = m.shone.cn, emailAddress = 1050572574@qq.com
Getting CA Private Key

# Check the certificate contents
[root@CentOS84-Nginx-IP08 ]#openssl x509 -in m.shone.cn.crt -noout -text
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            5d:1f:01:56:c6:85:3b:8b:bc:da:3d:87:d5:39:50:d2:4b:83:54:47
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = CN, ST = NANJING, L = NANJING, O = SHONE, OU = IT, CN = ca.shone.cn, emailAddress = 1050572574@qq.com
        Validity
            Not Before: Mar 24 13:11:01 2022 GMT
            Not After : Mar 21 13:11:01 2032 GMT
        Subject: C = CN, ST = JIANGSU, L = NANJING, O = SHONE, OU = IT, CN = m.shone.cn, emailAddress = 1050572574@qq.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    ...
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
         ...

# Merge the certificate files
[root@CentOS84-Nginx-IP08 ]#cat m.shone.cn.crt ca.crt > m.shone.cn.pem
[root@CentOS84-Nginx-IP08 ]#ll
total 52
-rw-r--r-- 1 root root 2118 Mar 24 20:46 ca.crt
-rw------- 1 root root 3272 Mar 24 20:45 ca.key
-rw-r--r-- 1 root root   41 Mar 24 21:11 ca.srl
-rw-r--r-- 1 root root 1996 Mar 24 21:11 m.shone.cn.crt
-rw-r--r-- 1 root root 1740 Mar 24 21:10 m.shone.cn.csr
-rw------- 1 root root 3272 Mar 24 21:09 m.shone.cn.key
-rw-r--r-- 1 root root 4114 Mar 24 21:11 m.shone.cn.pem
-rw-r--r-- 1 root root 1996 Mar 24 20:49 www.shone.cn.crt
-rw-r--r-- 1 root root 1740 Mar 24 20:48 www.shone.cn.csr
-rw------- 1 root root 3272 Mar 24 20:47 www.shone.cn.key
-rw-r--r-- 1 root root 4114 Mar 24 20:52 www.shone.cn.pem
[root@CentOS84-Nginx-IP08 ]#

## Add the ssl and automatic redirect settings to the existing sub-configuration file of http://m.shone.cn
# The existing sub-configuration file of http://m.shone.cn
[root@CentOS84-Nginx-IP08 ]#cat /apps/nginx/conf/conf.d/mobile.conf
server {
    listen 80;
    server_name m.shone.cn;
    location / {
        root /data/nginx/html/mobile;
    }
}
[root@CentOS84-Nginx-IP08 ]#

# Edit the sub-configuration file and add the ssl and automatic redirect settings
[root@CentOS84-Nginx-IP08 ]#vim /apps/nginx/conf/conf.d/mobile.conf
[root@CentOS84-Nginx-IP08 ]#cat /apps/nginx/conf/conf.d/mobile.conf
server {
    listen 80 default_server;
    server_name m.shone.cn;
    rewrite ^(.*)$ https://$server_name$1 permanent;
}
server {
    listen 443 ssl;
    server_name m.shone.cn;
    ssl_certificate /apps/nginx/certs/m.shone.cn.pem;
    ssl_certificate_key /apps/nginx/certs/m.shone.cn.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    location / {
        root /data/nginx/html/mobile;
    }
}
[root@CentOS84-Nginx-IP08 ]#

# Reload nginx so that the configuration takes effect
[root@CentOS84-Nginx-IP08 ]#systemctl reload nginx
```
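Both `openssl x509 -text` dumps above show `Version: 1 (0x0)` certificates, which carry no subjectAltName, the field current browsers match the host name against. The added example below (not from the original article) signs a v3 certificate with a SAN using the same ca.crt and ca.key; the function names and the CERT_DIR, KEY_BITS and DAYS variables are assumptions, with defaults taken from the page.

```shell
#!/bin/sh
# Added example, not from the original article: issue an X.509 v3 server
# certificate with a subjectAltName, signed by the ca.crt / ca.key pair created
# in 4.4.2.1. Function names, CERT_DIR, KEY_BITS and DAYS are hypothetical; the
# defaults mirror the values used on the page.

CERT_DIR="${CERT_DIR:-/apps/nginx/certs}"
KEY_BITS="${KEY_BITS:-4096}"
DAYS="${DAYS:-3650}"

# issue_san_cert DOMAIN: writes DOMAIN.key, DOMAIN.csr, DOMAIN.crt and
# DOMAIN.pem (server certificate first, then the CA) into CERT_DIR.
issue_san_cert() {
    domain="$1"
    # Accept plain DNS names only, so the value can be written into the
    # OpenSSL configuration below without escaping.
    case "$domain" in
        ""|.*|*.|-*|*[!A-Za-z0-9.-]*)
            echo "invalid domain name: $domain" >&2
            return 2 ;;
    esac
    if [ ! -r "$CERT_DIR/ca.crt" ] || [ ! -r "$CERT_DIR/ca.key" ]; then
        echo "ca.crt / ca.key not found in $CERT_DIR" >&2
        return 3
    fi

    cfg="$(mktemp)" || return 1
    cat > "$cfg" <<EOF
[req]
prompt = no
distinguished_name = dn

[dn]
C = CN
O = SHONE
CN = $domain

[leaf_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$domain
EOF

    # umask 077 keeps the new private key readable by its owner only.
    # -extfile / -extensions is what adds the SAN: the CSR carries no
    # extensions, so signing it without them gives a certificate without a SAN.
    (
        umask 077
        openssl req -new -newkey "rsa:$KEY_BITS" -nodes -sha256 -config "$cfg" \
            -keyout "$CERT_DIR/$domain.key" -out "$CERT_DIR/$domain.csr"
    ) &&
    openssl x509 -req -sha256 -days "$DAYS" -in "$CERT_DIR/$domain.csr" \
        -CA "$CERT_DIR/ca.crt" -CAkey "$CERT_DIR/ca.key" -CAcreateserial \
        -extfile "$cfg" -extensions leaf_ext -out "$CERT_DIR/$domain.crt" &&
    cat "$CERT_DIR/$domain.crt" "$CERT_DIR/ca.crt" > "$CERT_DIR/$domain.pem"
    status=$?
    rm -f "$cfg"
    return "$status"
}

# cert_version FILE: print the X.509 version number of the first certificate.
cert_version() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Version: \([0-9][0-9]*\) .*/\1/p'
}

# cert_has_san FILE NAME: succeed only if NAME is listed as a DNS subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text |
        tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}
```

After sourcing the file, `issue_san_cert m.shone.cn` followed by `cert_has_san /apps/nginx/certs/m.shone.cn.crt m.shone.cn` confirms the name is present before nginx is reloaded.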

Access verification: entering http://m.shone.cn redirects automatically to https://m.shone.cn

[Screenshots: http://m.shone.cn redirecting to https://m.shone.cn in the browser]
