编译环境安装

yum install -y gcc-c++

yum install -y pcre pcre-devel

yum install -y zlib zlib-devel

yum install -y openssl openssl-devel

下载nginx.tar.gz

编译

tar -xzvf nginx-1.15.3.tar.gz 
cd nginx-1.15.3

./configure --sbin-path=/usr/local/nginx/nginx --conf-path=/usr/local/nginx/nginx.conf --pid-path=/usr/local/nginx/nginx.pid --with-pcre --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module
make 
make install

服务制作

cat <<EOF > /lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
  
[Service]
Type=forking
ExecStart=/usr/local/nginx/nginx
ExecReload=/usr/local/nginx/nginx -s reload
ExecStop=/usr/local/nginx/nginx -s quit
PrivateTmp=true
  
[Install]
WantedBy=multi-user.target
EOF

systemctl enable nginx.service
systemctl start nginx.service

测试

curl localhost

配置nginx.conf

server {

listen 80 default backlog=2048;

listen 443 ssl;

server_name localhost;

ssl_certificate /home/cert/https.crt;

ssl_certificate_key /home/cert/https.key;

 

生成证书

配置https签名证书

　　创建https证书存放目录：mkdir cert

      创建私钥：openssl genrsa -des3 -out https.key 2048

      创建签名请求证书：openssl req -new -key https.key -out https.csr

      在加载SSL支持的Nginx并使用上述私钥时除去必须的口令：

　　cp https.key https.key.org

　　openssl rsa -in https.key.org -out https.key

　　最后标记证书使用上述私钥和CSR和有效期：openssl x509 -req -days 365 -in https.csr -signkey https.key -out https.crt

 

 

配置globalsign颁发的证书

将邮件中的域名证书和中级证书保存下来，加上原始的私钥。

ssl_certificate /home/jsqg/app/cert/jsqg.mohurd.gov.cn.crt; #公钥文件(Globalsign颁发的证书)

ssl_certificate_key /home/jsqg/app/cert/server.key; #私钥文件

ssl_client_certificate /home/jsqg/app/cert/gs_intermediate_ca.crt; #中级证书