Linux command: Nginx enable SSL feature setting and virtual host

Source: Internet
Author: User
Tags modulus openssl web hosting nginx server


To configure the Nginx configuration file/etc/nginx/nginx.conf First, enable the SSL feature as follows:

[email protected] ~]# vim/etc/nginx/nginx.conf

650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M02/9D/BE/wKiom1mFMmfyn-i8AAS1umLdSKM106.jpg "title=" 1.jpg "alt=" Wkiom1mfmmfyn-i8aas1umldskm106.jpg "/>

The certificate path in is used relative path, in order to avoid errors, the relative path is modified to absolute path such as:

650) this.width=650; "src=" https://s4.51cto.com/wyfs02/M00/9D/BE/wKioL1mFM3-TCIUBAADDJ6dFPVg197.jpg "title=" 2.jpg "alt=" Wkiol1mfm3-tciubaaddj6dfpvg197.jpg "/>

Edit the certificate openssl.cnf, make sure that the certificate path is correct, and then save the exit:

[email protected] ~]# vim/etc/pki/tls/openssl.cnf

650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M00/9D/BE/wKiom1mFNBfAHI77AADpYCi2xmc865.jpg "title=" 2.jpg "alt=" Wkiom1mfnbfahi77aadpyci2xmc865.jpg "/>

Verify that the certificate-related directories under the CA path are:

[email protected] ~]# Cd/etc/pki/ca

[email protected] ca]# ls #下面四个目录必须都存在 (nginx server is established by default)

Certs CRL Newcerts Private

[email protected] ca]# ls private/#查看是否有私钥文件

[Email protected] ca]# (umask 077; OpenSSL genrsa 2048 > Private/cakey.pem) #生成一个私钥证书

Generating RSA private key, 2048 bit long modulus

.............+++

............+++

E is 65537 (0x10001)

[Email protected] ca]# OpenSSL req-new-x509-key private/cakey.pem-out cacert.pem #针对cakey. Pem This private key certificate generates a self-visa book. The relevant content is entered as follows

650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M01/9D/BF/wKiom1mFP-mzQUh6AASu4HKzWpw169.jpg "title=" 2.jpg "Width=" height= "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:700px;height:230px; "alt=" Wkiom1mfp-mzquh6aasu4hkzwpw169.jpg "/>

[[email protected] ca]# ls

Cacert.pem certs CRL newcerts private

[email protected] ca]# touch serial

[email protected] ca]# echo > serial

[email protected] ca]# Touch index.txt

[email protected] ca]# Cd/etc/nginx

[[email protected] nginx]# mkdir SSL

[[email protected] nginx]# CD SSL

[email protected] ssl]# (umask 077;openssl genrsa > Nginx.key) #生成一个私钥

Generating RSA private key, 1024x768 bit long modulus

...........................++++++

.. ++++++

E is 65537 (0x10001)

[email protected] ssl]# OpenSSL req-new-key nginx.key-out NGINX.CSR

650) this.width=650; "src=" https://s1.51cto.com/wyfs02/M00/9D/C1/wKiom1mFX4vg30JsAAWLL7DfjFo887.jpg "title=" 2.jpg "Width=" "height=" 329 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" WIDTH:700PX;HEIGHT:329PX; "alt=" Wkiom1mfx4vg30jsaawll7dfjfo887.jpg "/>

[[email protected] SSL] OpenSSL ca-in nginx.csr-out nginx.crt-days 3650

650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M01/9D/C1/wKioL1mFYHTQalLeAATbMrPRi-k304.jpg "title=" 2.jpg "alt=" Wkiol1mfyhtqalleaatbmrpri-k304.jpg "/>

[email protected] ssl]# Service Nginx Restart

650) this.width=650; "src=" https://s4.51cto.com/wyfs02/M01/9D/C1/wKioL1mFYqeyA_jkAASqL5Dv36o621.jpg "title=" 2.jpg "Width=" "height=" 292 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:700px;height:292px; "alt=" Wkiol1mfyqeya_ Jkaasql5dv36o621.jpg "/>

[email protected] ssl]# cd/usr/html/#进入网页保存目录, create a new SSL

[[email protected] html]# ls

50x.html index.html test test1 test2 test3

[email protected] html]# mkdir SSL

[[email protected] html]# ls

50x.html index.html SSL test test1 test2 test3

[email protected] html]# CD SSL

[email protected] ssl]# vim index.html #编辑ssl主页

[email protected] ssl]# Service Nginx Restart

Nginx:the configuration file/etc/nginx/nginx.conf syntax is OK

Nginx:configuration file/etc/nginx/nginx.conf Test is successful

stopping nginx: [OK]

Starting nginx: [OK]

* Web Hosting path is/usr/html/ssl, so the/etc/nginx/nginx.conf configuration file in the SSL service in the location of the

Root path is/usr/html/ssl

The results are then accessed through the client:

650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M02/9D/C2/wKioL1mFasyQ9fkTAAD3NhlWPOU865.jpg "style=" width : 700px;height:199px; "title=" 2.jpg "width=" "height=" 199 "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiol1mfasyq9fktaad3nhlwpou865.jpg "/>

650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M01/9D/C2/wKioL1mFas3QICbOAACMZG9THBs200.jpg "style=" float : none; "title=" 1.jpg "alt=" Wkiol1mfas3qicboaacmzg9thbs200.jpg "/>

Nginx Domain Access function, as long as the server field is modified in the nginx.conf configuration file, as follows:


650) this.width=650; "src=" https://s4.51cto.com/wyfs02/M00/9D/C3/wKiom1mFgi7wxw41AAKzCD9qhPg473.jpg "title=" 1.jpg "alt=" Wkiom1mfgi7wxw41aakzcd9qhpg473.jpg "/>

Add Nginx virtual host function, configure nginx.conf file to increase server field

650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M02/9D/C4/wKiom1mFgyXT7TnhAAEQhdZRbYM833.jpg "title=" 2.jpg "alt=" Wkiom1mfgyxt7tnhaaeqhdzrbym833.jpg "/>

Restart the Nginx service and add the following two lines of domain name resolution to the host hosts you are visiting:

10.109.134.252 www.c.com

10.109.134.252 www.a.com

The test results are as follows:

650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M02/9D/DF/wKiom1mH_cOjsHqYAABlIZPnIlQ624.jpg "title=" 2.jpg "alt=" Wkiom1mh_cojshqyaablizpnilq624.jpg "/>

650) this.width=650; "src=" https://s3.51cto.com/wyfs02/M01/9D/DF/wKiom1mH_0iiN5usAAC2mZ6X8Yw525.jpg "title=" 2.jpg "alt=" Wkiom1mh_0iin5usaac2mz6x8yw525.jpg "/>







This article is from the "Learn Linux history" blog, please be sure to keep this source http://woyaoxuelinux.blog.51cto.com/5663865/1954186

Linux command: Nginx enable SSL feature setting and virtual host

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.