您的位置:首页 > 理论基础 > 计算机网络

centos7 nginx配置httpsCenos(6.6/7.1)下从源码安装Python+Django+uwsgi+nginx环境部署(二)

2016-01-04 14:24 627 查看
1.yum安装nginx

下载对应当前系统版本的nginx包(package)

# wget http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
建立nginx的yum仓库

# rpm -ivh nginx-release-centos-7-0.el7.ngx.noarch.rpm

下载并安装nginx

# yum install nginx

启动nginx服务

systemctl start nginx

配置

默认的配置文件在 /etc/nginx 路径下,使用该配置已经可以正确地运行nginx;如需要自定义,修改其下的 nginx.conf或者conf.d/下的conf文件

2.安装uwsgi

yum install python-devel

pip install uwsgi


3.nginx 配置https

一、生成私钥和证书

创建带密钥口令的私钥
root@mysqlmaster:/tmp# openssl genrsa -des3 -out ng.key 1024
Generating RSA private key, 1024 bit long modulus
........++++++
...........................................++++++
e is 65537 (0x10001)
Enter pass phrase for ng.key: 输入口令
Verifying - Enter pass phrase for ng.key: 确认口令
二、创建csr文件
root@mysqlmaster:/tmp# openssl req -new -key ng.key -out ng.csr
Enter pass phrase for ng.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:国家 如cn,hk
State or Province Name (full name) [Some-State]:州或省的名称 如Beijing
Locality Name (eg, city) []:什么地方级别,是城市还是乡镇
Organization Name (eg, company) [Internet Widgits Pty Ltd]:什么组织,如公司,政府
Organizational Unit Name (eg, section) []:组织单位名称
Common Name (eg, YOUR name) []:名字
Email Address []:邮件地址

Please enter the following 'extra' attributes 额外信息
to be sent with your certificate request
A challenge password []: 复杂密码
An optional company name []:

1,创建私钥(去除密钥口令)
openssl rsa -in ng.key -out server.key
输入口令

2,创建CA证书
openssl req -new -x509 -days 3650 -key server.key -out server.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
和上面的步骤差不多,根据提示输入证书的信息,国家,管理人邮件,姓名,城市等

将生成的证书放到/etc/nginx/conf.d/目录下,

root@mysqlmaster:/tmp# cp server.crt server.key /etc/nginx/conf.d

三、修改nginx配置文件

vi /etc/nginx/nginx/conf.d/default.conf

#http server
#server {
#    listen       80;
#    server_name  localhost;

#charset koi8-r;

#    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
#       root   /xspeeder/xweb;
#   }
#    location / {
#        root    /xspeeder/xweb/xapp/templates/login;
#       index  login.html;
#       uwsgi_pass 127.0.0.1:9000;
#        include  uwsgi_params;
#    }

#    error_page   500 502 503 504  /50x.html
#   location = /50x.html {
#        root   /usr/share/nginx/html;
#    }
#}
#https server
server {
listen       443 ssl;
server_name  localhost;

ssl_certificate      /etc/nginx/conf.d/server.crt;
ssl_certificate_key  /etc/nginx/conf.d/server.key;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout  5m;

ssl_ciphers  HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers   on;

location / {
root /xspeeder/xweb/xapp/templates/login;
index login.html;
uwsgi_pass 127.0.0.1:9000;
include  uwsgi_params;

}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css|ico|woff|ttf)$ {
root   /xspeeder/xweb;
}

}

#let http  to https
server{
listen 80;
server_name 172.17.1.123;
rewrite ^(.*) https://$server_name$1 permanent;
}


注意以上为nginx的配置文件,分为三部分,每一个server函数为一个部分,第一部分为http的配置,第二部分为https的部分,第三个部分是将http重写到https,也就是所有的走80端口的都强制他都443端口去。

sed -i "/listen 80;/{n;s/.*/        server_name 172.17.1.129;/g}" /etc/nginx/conf.d/default.conf


重写匹配

重启nginx 即可访问。

uwsgi --socket 127.0.0.1:9000 --chdir /xspeeder/xweb/ --wsgi-file xweb/wsgi.py --master --processes 2 --threads 2

内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航