This paper is based on entos 7 installation configuration Nginx operation practice record collation.
Configuration of EPEL Sources
sudo yum install -y epel-release sudo yum -y update
II. Installation of Nginx
sudo yum install -y nginx
After successful installation, the default website directory is: / usr/share/nginx/html
The default configuration file is: / etc/nginx/nginx.conf
The custom profile directory is: / etc/nginx/conf.d/
3. Open ports 80 and 443
If your server opens the firewall, you need to run the following commands to open ports 80 and 443.
sudo firewall-cmd --permanent --zone=public --add-service=http sudo firewall-cmd --permanent --zone=public --add-service=https sudo firewall-cmd --reload
If your server is Aliyun ECS, you can also open ports 80 and 443 or other custom ports through the console security group.
Specific operation path: Aliyun ECS Server - "Security Group -"Configuration Rules - "Security Group Rules -"Direction of Entry - "Add Security Group Rules
Port range: For example, if you want to open port 80, fill in 80/80 here.
Priority: Priority range is 1-100, default value is 1, that is, the highest priority.
The example diagram is as follows:
IV. Operating Nginx
1. Start Nginx
systemctl start nginx
2. Stop Nginx
systemctl stop nginx
3. Restart Nginx
systemctl restart nginx
4. View Nginx status
systemctl status nginx
5. Enable boot-up to start Nginx
systemctl enable nginx
6. Disable boot-up to start Nginx
systemctl disable nginx
Configuration of Nginx
1. Install Https Free Certificate (Take Aliyun Domain Name as an Example)
One Click to install acme.sh
curl https://get.acme.sh | sh echo 'alias acme.sh=~/.acme.sh/acme.sh' >> ~/.bashrc source ~/.bashrc
Generating Https certificates
export Ali_Key="**********" export Ali_Secret="**********" acme.sh --issue --dns dns_ali -d domain
Among them:
Click on the Aliyun background, the user's avatar in the upper right corner, and select access keys from the menu.
Look at AccessKey ID and AccessKey Secret, which correspond to Ali_Key and Ali_Secret above.
Domain corresponds to the Aliyun domain name purchased under the account.
Copy certificates to nginx
mkdir -p /etc/nginx/ssl acme.sh --install-cert -d domain \ --key-file /etc/nginx/ssl/domain.key \ --fullchain-file /etc/nginx/ssl/domain.cer \ --reloadcmd "service nginx force-reload"
The https certificate was copied successfully.
At present, the https certificate will be updated automatically after 60 days. You don't need any operation. It may be shortened in the future, but it's all automatic. You don't need to care.
2. Configure nginx
Delete the server part of / etc/nginx/nginx.conf.
server { ... }
Create a custom configuration file default.conf in / etc/nginx/conf.d
server { listen 80; listen 443 ssl; server_name domain www.domain; location / { root /usr/share/nginx/html; index index.html index.htm; } ssl on; ssl_certificate /etc/nginx/ssl/domain.crt; ssl_certificate_key /etc/nginx/ssl/domain.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE; ssl_prefer_server_ciphers on; error_page 497 https://$host$uri?$args; }
Among them:
Root/usr/share/nginx/html; represents the directory of the website files, the semicolon after which cannot be omitted.
Ssl_certificate and ssl_certificate_key point to the https certificate.
error_page 497 https:// host$uri?$args; the purpose of this sentence is to force http to jump to https.
VI. Reference Documents
- How To Install Nginx on CentOS 7
- How To Install And Configure NGINX On CentOS 7
- How to install Nginx on CentOS 7 or RHEL 7
- How To Install Nginx on CentOS 7
- How to Install Nginx on CentOS 7
- acme.sh
- nginx supports HTTPS access using acme.sh configuration
- nginx configuration ssl to realize https access to small white text
