1. 编译安装nginx1.8.1

注:nginx 1.8.x 分支已停止维护,不再获得安全修复;以下步骤仅作演示,生产环境请使用当前仍受支持的稳定版本。

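# Build nginx under a versioned prefix with the stub-status and TLS modules enabled.
[root@centos7 nginx-1.8.1]# ./configure --prefix=/usr/local/nginx.1.8.1 --with-http_stub_status_module --with-http_ssl_module
[root@centos7 nginx-1.8.1]# make && make install
# Make the nginx binary reachable from the current shell.
[root@centos7 nginx-1.8.1]# export PATH=$PATH:/usr/local/nginx.1.8.1/sbin
# Single quotes keep $PATH literal, so it is expanded at each login. With double
# quotes root's current PATH is frozen into the file and handed to every user
# whose login shell sources /etc/profile.d.
[root@centos7 ~]# echo 'export PATH=$PATH:/usr/local/nginx.1.8.1/sbin' > /etc/profile.d/nginx.sh
# The MANPATH_MAP entry must already be in /etc/man_db.conf; this only checks for it.
[root@centos7 ~]# grep nginx /etc/man_db.conf
MANPATH_MAP /usr/local/nginx.1.8.1/sbin /usr/local/nginx.1.8.1/man
# Install the man page shipped in the source tree into the mapped man directory.
[root@centos7 ~]# mkdir -p /usr/local/nginx.1.8.1/man/man8/
[root@centos7 ~]# cp /home/Allen/nginx-1.8.1/man/nginx.8 /usr/local/nginx.1.8.1/man/man8/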

2. nginx加入systemd管理

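[root@centos7 nginx-1.8.1]# vim /etc/systemd/system/nginx.service
# systemd unit for the nginx built under /usr/local/nginx.1.8.1.
[Unit]
Description=nginx server daemon
Documentation=man:nginx(8)
After=network.target

[Service]
# nginx daemonizes itself, so systemd has to track the forked master process.
Type=forking
# Name the master's PID file instead of letting systemd guess the main PID.
# This is the default pid path for this --prefix; change it if nginx.conf
# sets its own "pid" directive.
PIDFile=/usr/local/nginx.1.8.1/logs/nginx.pid
# Check the configuration first so a broken nginx.conf fails the start cleanly.
ExecStartPre=/usr/local/nginx.1.8.1/sbin/nginx -t
ExecStart=/usr/local/nginx.1.8.1/sbin/nginx
ExecReload=/usr/local/nginx.1.8.1/sbin/nginx -s reload
ExecStop=/usr/local/nginx.1.8.1/sbin/nginx -s quit
# Give the service a private /tmp and /var/tmp, isolated from other processes.
PrivateTmp=true

[Install]
WantedBy=multi-user.target

# Have systemd re-read unit files so the new nginx.service is picked up.
[root@centos7 nginx-1.8.1]# systemctl daemon-reload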

3. 证书自签名

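[root@centos7 ~]# vim req.cnf
# OpenSSL request configuration for a self-signed server certificate for www.jzbg.com.
# The [req] header makes explicit which section "openssl req" reads these settings from.
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
# Take the subject from this file instead of prompting interactively.
prompt = no
[req_distinguished_name]
# C takes an ISO 3166-1 two-letter country code; "EN" is not one, CN matches Beijing.
C = CN
ST = Beijing
L = Beijing
O = jzbg
OU = Ops
CN = www.jzbg.com
[v3_req]
# For an RSA server key: digitalSignature covers ECDHE suites and keyEncipherment
# covers RSA key exchange. keyAgreement is meant for (EC)DH keys, so it is replaced.
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
# Clients match the hostname against subjectAltName, so list every name served.
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = www.jzbg.com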

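# Nothing earlier on the page creates ssl/, and openssl will not create it.
# Mode 700 keeps everyone but root out of the directory holding the key.
[root@centos7 ~]# mkdir -p -m 700 /usr/local/nginx.1.8.1/ssl
# -nodes writes the private key unencrypted so nginx can start unattended.
# File permissions are therefore the only protection the key has.
[root@centos7 ~]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /usr/local/nginx.1.8.1/ssl/private.key -out /usr/local/nginx.1.8.1/ssl/nginx.crt -config req.cnf -sha256
# Restrict the key to root; the nginx master reads it as root before workers drop privileges.
[root@centos7 ~]# chmod 600 /usr/local/nginx.1.8.1/ssl/private.key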

4. 配置nginx

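[root@centos7 ~]# vim /usr/local/nginx.1.8.1/conf/nginx.conf
# HTTPS virtual host for www.jzbg.com on port 19972, using the self-signed certificate.
server {
    # The "ssl" flag on listen enables TLS for this socket. The separate
    # "ssl on;" directive was redundant here and is rejected by current
    # nginx releases, so it is dropped.
    listen       19972 ssl;
    server_name  www.jzbg.com;

    ssl_certificate      /usr/local/nginx.1.8.1/ssl/nginx.crt;
    ssl_certificate_key  /usr/local/nginx.1.8.1/ssl/private.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated, so only TLS 1.2 is offered.
    # This nginx release predates TLS 1.3 support.
    ssl_protocols TLSv1.2;
    # Prefer ECDHE with AES-GCM. !3DES is added because older OpenSSL builds
    # still classify 3DES suites as HIGH.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE:!3DES;
    # Use the server's cipher order rather than the client's.
    ssl_prefer_server_ciphers on;
    location / {
        root   html;
        error_page   500 502 503 504  /50x.html;
        index  index.html index.htm;
    }
}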

5. 启动nginx

# Start nginx through systemd.
[root@centos7 nginx-1.8.1]# systemctl start nginx
# Confirm a TCP socket exists on port 19972, the port set by "listen" in nginx.conf.
[root@centos7 nginx-1.8.1]# ss -ant | grep 19972
LISTEN     0      128          *:19972                    *:*                  

此时用浏览器访问,会出现如下问题(应为证书不受信任的警告,因为自签名证书尚未被客户端信任):
编译Nginx, 并使用自签证书实现https访问 Linux 第1张

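6. 在Windows中导入证书

将 nginx.crt 导入客户端的受信任证书存储(通常是“受信任的根证书颁发机构”)后,该客户端才会信任这张自签名证书。私钥 private.key 一旦泄露,持有者即可对这些客户端冒充 www.jzbg.com,因此这种做法只适用于测试或内部环境,并需妥善保管私钥。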

编译Nginx, 并使用自签证书实现https访问 Linux 第2张


编译Nginx, 并使用自签证书实现https访问 Linux 第3张

编译Nginx, 并使用自签证书实现https访问 Linux 第4张

编译Nginx, 并使用自签证书实现https访问 Linux 第5张

编译Nginx, 并使用自签证书实现https访问 Linux 第6张

编译Nginx, 并使用自签证书实现https访问 Linux 第7张

7. 测试效果

正常访问,不报证书错误
编译Nginx, 并使用自签证书实现https访问 Linux 第8张
