Install and configure Nginx under Centos 7

Keywords: Web Server Nginx SSL sudo CentOS

This paper is based on entos 7 installation configuration Nginx operation practice record collation.

Configuration of EPEL Sources

sudo yum install -y epel-release
sudo yum -y update

II. Installation of Nginx

sudo yum install -y nginx

After successful installation, the default website directory is: / usr/share/nginx/html

The default configuration file is: / etc/nginx/nginx.conf

The custom profile directory is: / etc/nginx/conf.d/

3. Open ports 80 and 443

If your server opens the firewall, you need to run the following commands to open ports 80 and 443.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

If your server is Aliyun ECS, you can also open ports 80 and 443 or other custom ports through the console security group.

Specific operation path: Aliyun ECS Server - "Security Group -"Configuration Rules - "Security Group Rules -"Direction of Entry - "Add Security Group Rules

Port range: For example, if you want to open port 80, fill in 80/80 here.

Priority: Priority range is 1-100, default value is 1, that is, the highest priority.

The example diagram is as follows:

IV. Operating Nginx

1. Start Nginx

systemctl start nginx

2. Stop Nginx

systemctl stop nginx

3. Restart Nginx

systemctl restart nginx

4. View Nginx status

systemctl status nginx

5. Enable boot-up to start Nginx

systemctl enable nginx

6. Disable boot-up to start Nginx

systemctl disable nginx

Configuration of Nginx

1. Install Https Free Certificate (Take Aliyun Domain Name as an Example)

One Click to install acme.sh

curl  https://get.acme.sh | sh
echo 'alias acme.sh=~/.acme.sh/acme.sh' >> ~/.bashrc
source ~/.bashrc

Generating Https certificates

export Ali_Key="**********"  
export Ali_Secret="**********"  
acme.sh --issue --dns dns_ali -d domain

Among them:

Click on the Aliyun background, the user's avatar in the upper right corner, and select access keys from the menu.

Look at AccessKey ID and AccessKey Secret, which correspond to Ali_Key and Ali_Secret above.

Domain corresponds to the Aliyun domain name purchased under the account.

Copy certificates to nginx

mkdir -p /etc/nginx/ssl

acme.sh --install-cert -d domain \
--key-file       /etc/nginx/ssl/domain.key  \
--fullchain-file /etc/nginx/ssl/domain.cer \
--reloadcmd     "service nginx force-reload"

The https certificate was copied successfully.

At present, the https certificate will be updated automatically after 60 days. You don't need any operation. It may be shortened in the future, but it's all automatic. You don't need to care.

2. Configure nginx

Delete the server part of / etc/nginx/nginx.conf.

server {
...
}

Create a custom configuration file default.conf in / etc/nginx/conf.d

server {
    listen 80;
    listen 443 ssl;
    server_name  domain www.domain;
    location / {
         root /usr/share/nginx/html;
         index  index.html index.htm;
     }

    ssl on;
    ssl_certificate /etc/nginx/ssl/domain.crt;
    ssl_certificate_key /etc/nginx/ssl/domain.key;
    ssl_session_timeout  5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    ssl_prefer_server_ciphers  on;

    error_page 497  https://$host$uri?$args;
}

Among them:
Root/usr/share/nginx/html; represents the directory of the website files, the semicolon after which cannot be omitted.

Ssl_certificate and ssl_certificate_key point to the https certificate.

error_page 497 https:// host$uri?$args; the purpose of this sentence is to force http to jump to https.

VI. Reference Documents

  1. How To Install Nginx on CentOS 7
  2. How To Install And Configure NGINX On CentOS 7
  3. How to install Nginx on CentOS 7 or RHEL 7
  4. How To Install Nginx on CentOS 7
  5. How to Install Nginx on CentOS 7
  6. acme.sh
  7. nginx supports HTTPS access using acme.sh configuration
  8. nginx configuration ssl to realize https access to small white text

Posted by patch2112 on Thu, 25 Apr 2019 15:21:36 -0700