操作环境
- 硬件:华为云服务器
- 操作系统:Rocky Linux 9.0 64bit
- 客户端软件:MobaXterm_Personal_23.1
准备工作
- 购买云服务器,并完成初始设置(操作系统选择、密码设置、安全组设置等)
- 已申请域名,并配置好域名解析指向云服务器
- 已申请域名对应的SSL证书
- 已准备SSH客户端软件,并且已连接云服务器
操作步骤
1. 相关依赖库和工具安装和更新
1.1 yum更新
|
1 2 3 |
yum update yum |
1.2 gcc等安装
yum -y install gcc gcc-c++ autoconf automake make
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
[2023-05-19 12:52:38] [root@hecs-288529 ~]# yum -y install gcc gcc-c++ autoconf automake make ...... [2023-05-19 12:53:57] Upgraded: [2023-05-19 12:53:57] cpp-11.3.1-4.3.el9.x86_64 gcc-11.3.1-4.3.el9.x86_64 libgcc-11.3.1-4.3.el9.x86_64 libgomp-11.3.1-4.3.el9.x86_64 libstdc++-11.3.1-4.3.el9.x86_64 [2023-05-19 12:53:57] Installed: [2023-05-19 12:53:57] autoconf-2.69-38.el9.noarch automake-1.16.2-6.el9.noarch emacs-filesystem-1:27.2-8.el9_2.1.noarch [2023-05-19 12:53:57] gcc-c++-11.3.1-4.3.el9.x86_64 libstdc++-devel-11.3.1-4.3.el9.x86_64 m4-1.4.19-1.el9.x86_64 [2023-05-19 12:53:57] perl-AutoLoader-5.74-480.el9.noarch perl-B-1.80-480.el9.x86_64 perl-Carp-1.50-460.el9.noarch [2023-05-19 12:53:57] perl-Class-Struct-0.66-480.el9.noarch perl-Data-Dumper-2.174-462.el9.x86_64 perl-Digest-1.19-4.el9.noarch [2023-05-19 12:53:57] perl-Digest-MD5-2.58-4.el9.x86_64 perl-DynaLoader-1.47-480.el9.x86_64 perl-Encode-4:3.08-462.el9.x86_64 [2023-05-19 12:53:57] perl-Errno-1.30-480.el9.x86_64 perl-Exporter-5.74-461.el9.noarch perl-Fcntl-1.13-480.el9.x86_64 [2023-05-19 12:53:57] perl-File-Basename-2.85-480.el9.noarch perl-File-Compare-1.100.600-480.el9.noarch perl-File-Copy-2.34-480.el9.noarch [2023-05-19 12:53:57] perl-File-Find-1.37-480.el9.noarch perl-File-Path-2.18-4.el9.noarch perl-File-Temp-1:0.231.100-4.el9.noarch [2023-05-19 12:53:57] perl-File-stat-1.09-480.el9.noarch perl-FileHandle-2.03-480.el9.noarch perl-Getopt-Long-1:2.52-4.el9.noarch [2023-05-19 12:53:57] perl-Getopt-Std-1.12-480.el9.noarch perl-HTTP-Tiny-0.076-460.el9.noarch perl-IO-1.43-480.el9.x86_64 [2023-05-19 12:53:57] perl-IO-Socket-IP-0.41-5.el9.noarch perl-IO-Socket-SSL-2.073-1.el9.noarch perl-IPC-Open3-1.21-480.el9.noarch [2023-05-19 12:53:57] perl-MIME-Base64-3.16-4.el9.x86_64 perl-Mozilla-CA-20200520-6.el9.noarch perl-NDBM_File-1.15-480.el9.x86_64 [2023-05-19 12:53:57] perl-Net-SSLeay-1.92-2.el9.x86_64 perl-POSIX-1.94-480.el9.x86_64 perl-PathTools-3.78-461.el9.x86_64 [2023-05-19 12:53:57] perl-Pod-Escapes-1:1.07-460.el9.noarch perl-Pod-Perldoc-3.28.01-461.el9.noarch perl-Pod-Simple-1:3.42-4.el9.noarch [2023-05-19 12:53:57] perl-Pod-Usage-4:2.01-4.el9.noarch perl-Scalar-List-Utils-4:1.56-461.el9.x86_64 perl-SelectSaver-1.02-480.el9.noarch [2023-05-19 12:53:57] perl-Socket-4:2.031-4.el9.x86_64 perl-Storable-1:3.21-460.el9.x86_64 perl-Symbol-1.08-480.el9.noarch [2023-05-19 12:53:57] perl-Term-ANSIColor-5.01-461.el9.noarch perl-Term-Cap-1.17-460.el9.noarch perl-Text-ParseWords-3.30-460.el9.noarch [2023-05-19 12:53:57] perl-Text-Tabs+Wrap-2013.0523-460.el9.noarch perl-Thread-Queue-3.14-460.el9.noarch perl-Time-Local-2:1.300-7.el9.noarch [2023-05-19 12:53:57] perl-URI-5.09-3.el9.noarch perl-base-2.27-480.el9.noarch perl-constant-1.33-461.el9.noarch [2023-05-19 12:53:57] perl-if-0.60.800-480.el9.noarch perl-interpreter-4:5.32.1-480.el9.x86_64 perl-libnet-3.13-4.el9.noarch [2023-05-19 12:53:57] perl-libs-4:5.32.1-480.el9.x86_64 perl-mro-1.23-480.el9.x86_64 perl-overload-1.31-480.el9.noarch [2023-05-19 12:53:57] perl-overloading-0.02-480.el9.noarch perl-parent-1:0.238-460.el9.noarch perl-podlators-1:4.14-460.el9.noarch [2023-05-19 12:53:57] perl-subs-1.03-480.el9.noarch perl-threads-1:2.25-460.el9.x86_64 perl-threads-shared-1.61-460.el9.0.1.x86_64 [2023-05-19 12:53:57] perl-vars-1.05-480.el9.noarch [2023-05-19 12:53:57] [2023-05-19 12:53:57] Complete! |
1.3 pcre安装
yum -y install pcre pcre-devel
|
1 2 3 4 5 6 7 8 |
[2023-05-19 12:54:09] [root@hecs-288529 ~]# yum -y install pcre pcre-devel ...... 2023-05-19 12:54:46] Installed: [2023-05-19 12:54:46] pcre-cpp-8.44-3.el9.3.x86_64 pcre-devel-8.44-3.el9.3.x86_64 pcre-utf16-8.44-3.el9.3.x86_64 pcre-utf32-8.44-3.el9.3.x86_64 [2023-05-19 12:54:46] [2023-05-19 12:54:46] Complete! |
1.4 zlib等安装
yum -y install zlib zlib-devel libtool
|
1 2 3 4 5 6 7 8 9 10 |
[2023-05-19 12:54:46] [root@hecs-288529 ~]# yum -y install zlib zlib-devel libtool ...... [2023-05-19 12:55:16] Upgraded: [2023-05-19 12:55:16] zlib-1.2.11-39.el9.x86_64 [2023-05-19 12:55:16] Installed: [2023-05-19 12:55:16] libtool-2.4.6-45.el9.x86_64 zlib-devel-1.2.11-39.el9.x86_64 [2023-05-19 12:55:16] [2023-05-19 12:55:16] Complete! |
1.5 openssl安装
yum -y install openssl openssl-devel
|
1 2 3 4 5 6 7 8 9 10 |
[2023-05-19 12:55:16] [root@hecs-288529 ~]# yum -y install openssl openssl-devel ...... [2023-05-19 12:55:41] Upgraded: [2023-05-19 12:55:41] openssl-1:3.0.7-6.el9_2.x86_64 openssl-libs-1:3.0.7-6.el9_2.x86_64 [2023-05-19 12:55:41] Installed: [2023-05-19 12:55:41] openssl-devel-1:3.0.7-6.el9_2.x86_64 [2023-05-19 12:55:41] [2023-05-19 12:55:41] Complete! |
1.6 检查wget并安装
|
1 2 3 |
wget --version |
如果没有安装,则安装它:
|
1 2 3 |
yum install -y wget |
2.创建nginx用户和组
|
1 2 3 4 |
[2023-05-19 12:55:41] [root@hecs-288529 ~]# groupadd nginx [2023-05-19 12:56:34] [root@hecs-288529 ~]# useradd nginx -g nginx -s /sbin/nologin -M |
3.下载nginx最新版安装包
访问nginx官方网站下载页面nginx: download查看最新版本,目前最新的稳定版本为1.24.0,并复制下载链接: nginx-1.24.0.tar.gz
进入源代码目录: cd /usr/local/src
下载安装包: wget https://nginx.org/download/nginx-1.24.0.tar.gz
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
[root@hecs-288529 ~]# cd /usr/local/src [root@hecs-288529 src]# wget https://nginx.org/download/nginx-1.24.0.tar.gz [2023-05-19 12:58:41] Resolving nginx.org (nginx.org)... 52.58.199.22, 3.125.197.172, 2a05:d014:edb:5704::6, ... [2023-05-19 12:58:42] Connecting to nginx.org (nginx.org)|52.58.199.22|:443... connected. [2023-05-19 12:58:42] HTTP request sent, awaiting response... 200 OK [2023-05-19 12:58:43] Length: 1112471 (1.1M) [application/octet-stream] [2023-05-19 12:58:43] Saving to: nginx-1.24.0.tar.gz [2023-05-19 12:58:43] [2023-05-19 12:58:43] nginx-1.24.0.tar.gz 0%[ ] 0 --.-KB/s nginx-1.24.0.tar.gz 8%[====> ] 87.72K 222KB/s nginx-1.24.0.tar.gz 37%[==========================> ] 407.72K 515KB/s nginx-1.24.0.tar.gz 92%[===================================================================> ] 999.72K 1008KB/s nginx-1.24.0.tar.gz 100%[=========================================================================>] 1.06M 1.07MB/s in 1.0s [2023-05-19 12:58:44] [2023-05-19 12:58:44] 2023-05-19 12:58:45 (1.07 MB/s) - nginx-1.24.0.tar.gz saved [1112471/1112471] [2023-05-19 12:58:44] |
4.解压缩安装包
|
1 2 3 |
tar -zxvf nginx-1.24.0.tar.gz |
解压完成后,当前目录下会增加一个目录 nginx-1.24.0。
5.配置编译参数
进入源代码目录: cd nginx-1.124.0
配置编译参数: ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --user=nginx --group=nginx
|
1 2 3 4 5 6 7 8 |
[2023-05-19 12:59:45] [root@hecs-288529 src]# cd nginx-1.124.0 [2023-05-19 12:59:56] [root@hecs-288529 nginx-1.24.0]# ls [2023-05-19 12:59:58] auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src [2023-05-19 12:59:58] [root@hecs-288529 nginx-1.24.0]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --user=nginx --group=nginx |
6. 编译安装
|
1 2 3 |
make &&make install |
7.修改nginx文件夹归属
|
1 2 3 |
chown -R nginx:nginx /usr/local/nginx |
8.启动nginx
|
1 2 3 |
/usr/local/nginx/sbin/nginx |
9.检查测试
查看版本和编译参数: ./nginx -V
查看进程: ps -ef | grep nginx
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
[root@hecs-288529 sbin]# ./nginx -V [2023-05-19 13:22:03] nginx version: nginx/1.24.0 [2023-05-19 13:22:03] built by gcc 11.3.1 20221121 (Red Hat 11.3.1-4) (GCC) [2023-05-19 13:22:03] built with OpenSSL 3.0.7 1 Nov 2022 [2023-05-19 13:22:03] TLS SNI support enabled [2023-05-19 13:22:03] configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --user=nginx --group=nginx [root@hecs-288529 sbin]# ps -ef | grep nginx [2023-05-19 13:22:16] root 19542 1 0 13:21 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx [2023-05-19 13:22:16] nginx 19543 19542 0 13:21 ? 00:00:00 nginx: worker process [2023-05-19 13:22:16] root 19547 5017 0 13:22 pts/2 00:00:00 grep --color=auto nginx |
用浏览器访问 wslibai.com应该可以看到nginx的启动页面,即表示安装成功。
10.停止nginx
|
1 2 3 |
/usr/local/nginx/sbin/nginx -s stop |
11.配置开机启动
11.1 新建服务文件nginx.service
用MobaXterm_Personal软件,在SSH browser(SFTP)窗口进入云服务器的/lib/systemd/system目录,新建文件并命名为 nginx.service。
11.2 修改文件为如下内容,并保存
打开刚才新建的文件,输入如下内容,并保存。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
[Unit] Description=nginx After=network.target [Service] Type=forking ExecStart=/usr/local/nginx/sbin/nginx ExecReload=/usr/local/nginx/sbin/nginx reload ExecStop=/usr/local/nginx/sbin/nginx quit PrivateTmp=true [Install] WantedBy=multi-user.target |
11.3 创建服务
|
1 2 3 |
systemctl enable nginx.service |
11.4 重启nginx服务
|
1 2 3 |
systemctl restart nginx |
11.5 查看nginx服务状态
|
1 2 3 |
systemctl status nginx |
12.配置SSL
12.1 上传证书文件到云服务器
(1) 进入nginx安装目录
cd /usr/local/nginx
(2) 新建cert子目录
mkdir cert
(3)上传证书文件到新建的cert目录
用MobaXterm_Personal软件,在SSH browser(SFTP)窗口将之前申请的证书文件
scs1677671813589_www.wslibai.com_Nginx 目录下的两个文件上传到新建的cert目录。
- scs1677671813589_www.wslibai.com_server.crt
- scs1677671813589_www.wslibai.com_server.key
12.2 修改nginx.conf配置文件
(1)修改工作进程数worker_processes
将
worker_processes 1; 修改为
worker_processes 2;,注意此处的数字应等于你的云服务器的CPU内核数量。
(2)开启错误日志记录
将
#error_log logs/error.log;语句前面的
#去掉。
(3)开启进程ID日志记录
将
#pid logs/nginx.pid;语句前面的
#去掉。
(4)开启SSL功能
将https的server块前面的注释符号
#去掉
注意: # HTTPS server这一行前面的注释符号 #不能去掉
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
# HTTPS server # server { listen 443 ssl; server_name localhost; ssl_certificate /usr/local/nginx/cert/scs1677671813589_www.wslibai.com_server.crt; ssl_certificate_key /usr/local/nginx/cert/scs1677671813589_www.wslibai.com_server.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } } |
并将其中的这两行:
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
修改为:
ssl_certificate /usr/local/nginx/cert/scs1677671813589_www.wslibai.com_server.crt;
ssl_certificate_key /usr/local/nginx/cert/scs1677671813589_www.wslibai.com_server.key;请注意上面这两个参数值的路径和文件名要与12.1步上传的一致。
(5)开启http转发https功能
将http的server块修改为如下内容:
|
1 2 3 4 5 6 7 8 |
server { listen 80; listen [::]:80 default_server; server_name _; return 301 https://$host$request_uri; } |
13.重启nginx服务
用命令 systemctl restart nginx重启nginx服务,再使用命令 systemctl status nginx查看nginx服务状态。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
[2023-05-19 16:07:25] [root@hecs-288529 ~]# systemctl restart nginx.service [2023-05-19 16:07:35] [root@hecs-288529 ~]# systemctl status nginx.service [2023-05-19 16:07:35] nginx.service - nginx [2023-05-19 16:07:35] Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled) [2023-05-19 16:07:35] Active: active (running) since Sun 2023-05-19 16:07:25 CST; 9s ago [2023-05-19 16:07:35] Process: 1442 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS) [2023-05-19 16:07:35] Main PID: 1443 (nginx) [2023-05-19 16:07:35] Tasks: 3 (limit: 23156) [2023-05-19 16:07:35] Memory: 3.3M [2023-05-19 16:07:35] CPU: 12ms [2023-05-19 16:07:35] CGroup: /system.slice/nginx.service [2023-05-19 16:07:35] 1443 "nginx: master process /usr/local/nginx/sbin/nginx" [2023-05-19 16:07:35] 1444 "nginx: worker process" [2023-05-19 16:07:35] 1445 "nginx: worker process" [2023-05-19 16:07:35] [2023-05-19 16:07:35] May 19 16:07:25 hecs-288529 systemd[1]: Starting nginx... [2023-05-19 16:07:35] May 19 16:07:25 hecs-288529 systemd[1]: Started nginx. [2023-05-19 16:07:35] |
14.访问网站测试验证
14.1 https访问测试
在浏览器输入网址 https://wslibai.com,访问正常。因当时未截屏保存,并且我的网站目前已经开始运营,故此处截图上加了 /index3.html,未采用默认文件名。
14.2 http访问测试
在浏览器输入网址
http://wslibai.com或者直接输入
wslibai.com,发现访问已经自动重定向至https了。
至此,大功告成。
14.3 问题排除
如出现无法访问网站的问题,一般是云服务器安全组设置问题,或者云服务器自身防火墙的设置问题,请检查80端口和443端口是否开放,详细操作请自行百度。
This is a demo advert, you can use simple text, HTML image or any Ad Service JavaScript code. If you're inserting HTML or JS code make sure editor is switched to 'Text' mode.
[…] 具体操作过程请参考安装nginx并开启SSL。 […]
真是太好了!
非常详细具体,我按照文章的步骤操作,很快就搞定了。
感谢感谢!!!
😀😀😀
👍👍👍