Configuring HTTPS for nginx on CentOS 7: deploying a Python + Django + uwsgi + nginx environment from source on CentOS (6.6/7.1), part 2
2016-01-04 14:24
1. Install nginx with yum

Download the nginx package that matches the current OS version:

    # wget http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

Set up the nginx yum repository:

    # rpm -ivh nginx-release-centos-7-0.el7.ngx.noarch.rpm

Download and install nginx:

    # yum install nginx

Start the nginx service:

    systemctl start nginx

Configuration

The default configuration files are under /etc/nginx, and nginx already runs correctly with them. To customize the setup, edit nginx.conf in that directory or the .conf files under conf.d/.

2. Install uwsgi

    yum install python-devel
    pip install uwsgi

3. Configure HTTPS in nginx

I. Generate the private key and certificate

Create a private key protected by a passphrase:

    root@mysqlmaster:/tmp# openssl genrsa -des3 -out ng.key 1024
    Generating RSA private key, 1024 bit long modulus
    ........++++++
    ...........................................++++++
    e is 65537 (0x10001)
    Enter pass phrase for ng.key: (enter the passphrase)
    Verifying - Enter pass phrase for ng.key: (confirm the passphrase)

Note: 1024-bit RSA is no longer considered strong enough for a production certificate; outside a test setup, pass 2048 or larger as the last argument.

II. Create the CSR file

    root@mysqlmaster:/tmp# openssl req -new -key ng.key -out ng.csr
    Enter pass phrase for ng.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]: (country, e.g. cn, hk)
    State or Province Name (full name) [Some-State]: (state or province name, e.g. Beijing)
    Locality Name (eg, city) []: (the locality, whether a city or a town)
    Organization Name (eg, company) [Internet Widgits Pty Ltd]: (the organization, e.g. a company or government body)
    Organizational Unit Name (eg, section) []: (organizational unit name)
    Common Name (eg, YOUR name) []: (name)
    Email Address []: (e-mail address)

    Please enter the following 'extra' attributes (extra information)
    to be sent with your certificate request
    A challenge password []: (a complex password)
    An optional company name []:

1. Create the private key with the passphrase removed:

    openssl rsa -in ng.key -out server.key
    (enter the passphrase)

2. Create the CA certificate (a self-signed certificate, valid for 3650 days):

    openssl req -new -x509 -days 3650 -key server.key -out server.crt
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:
    State or Province Name (full name) [Some-State]:
    Locality Name (eg, city) []:
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, YOUR name) []:
    Email Address []:

This is much the same as the step above: follow the prompts and enter the certificate details (country, administrator e-mail, name, city and so on).

Copy the generated certificate and key into /etc/nginx/conf.d/. server.key is no longer protected by a passphrase, so it should be readable by root only.

    root@mysqlmaster:/tmp# cp server.crt server.key /etc/nginx/conf.d

III. Modify the nginx configuration file

    vi /etc/nginx/conf.d/default.conf

    # http server
    #server {
    #    listen 80;
    #    server_name localhost;
    #    #charset koi8-r;
    #    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
    #        root /xspeeder/xweb;
    #    }
    #    location / {
    #        root /xspeeder/xweb/xapp/templates/login;
    #        index login.html;
    #        uwsgi_pass 127.0.0.1:9000;
    #        include uwsgi_params;
    #    }
    #    error_page 500 502 503 504 /50x.html;
    #    location = /50x.html {
    #        root /usr/share/nginx/html;
    #    }
    #}

    # https server
    server {
        listen 443 ssl;
        server_name localhost;

        ssl_certificate /etc/nginx/conf.d/server.crt;
        ssl_certificate_key /etc/nginx/conf.d/server.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            root /xspeeder/xweb/xapp/templates/login;
            index login.html;
            uwsgi_pass 127.0.0.1:9000;
            include uwsgi_params;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css|ico|woff|ttf)$ {
            root /xspeeder/xweb;
        }
    }

    # redirect http to https
    server {
        listen 80;
        server_name 172.17.1.123;
        rewrite ^(.*) https://$server_name$1 permanent;
    }

Note that the nginx configuration above has three parts, one per server block. The first part is the plain HTTP configuration (commented out here), the second is the HTTPS configuration, and the third rewrites HTTP to HTTPS, so every request that arrives on port 80 is forced over to port 443.

Rewrite the matching server_name line with sed:

    sed -i "/listen 80;/{n;s/.*/ server_name 172.17.1.129;/g}" /etc/nginx/conf.d/default.conf

Restart nginx and the site is reachable. uwsgi is started on the socket that uwsgi_pass points to:

    uwsgi --socket 127.0.0.1:9000 --chdir /xspeeder/xweb/ --wsgi-file xweb/wsgi.py --master --processes 2 --threads 2
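The key and certificate steps from section 3, condensed into a non-interactive script that also checks the result before nginx is restarted. This is an added example, not part of the original post: it generates a 2048-bit key instead of the post's 1024-bit one and writes the key unencrypted in a single step (`-nodes`), and the function names and the `localhost` CN in the usage comment are assumptions.

```shell
# Added example (not from the original post). Function names are hypothetical.
# Needs the openssl command-line tool; written for POSIX sh.

# make_cert DIR CN: write DIR/server.key (mode 600) and a self-signed
# DIR/server.crt valid for 3650 days, as in the post, but with RSA 2048.
make_cert() {
    (
        umask 077   # the unencrypted key is never group/world readable
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
            -subj "/CN=$2" \
            -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    ) || return 1
    chmod 600 "$1/server.key"
    chmod 644 "$1/server.crt"
}

# key_bits FILE: print the RSA modulus size of a private key, e.g. 2048.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# pubkey_digest KIND FILE: SHA-256 over the PEM public key of a key or cert.
pubkey_digest() {
    case $1 in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 1 ;;
    esac
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{ print $NF }'
}

# cert_matches_key DIR: succeed only if server.crt carries server.key's
# public key; nginx refuses to start when the two do not match.
cert_matches_key() {
    k=$(pubkey_digest key "$1/server.key") || return 1
    c=$(pubkey_digest cert "$1/server.crt") || return 1
    [ "$k" = "$c" ]
}

# Usage (CN is a constructed sample matching the post's server_name):
#   make_cert /etc/nginx/conf.d localhost
#   [ "$(key_bits /etc/nginx/conf.d/server.key)" -ge 2048 ] && cert_matches_key /etc/nginx/conf.d
```

Once the files are in place, `nginx -t` validates the configuration before the restart.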