Nginx installation, learning and usage: detailed notes
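Preface:
Advantages of choosing Nginx:
Nginx can be compiled and run on most Unix-like operating systems, and a Windows port exists. The 1.4.0 stable release of Nginx was published on April 24, 2013. In general, new sites are advised to use the latest stable release as their production version, while upgrading existing sites is not urgent. The Nginx source code is distributed under a 2-clause BSD-like license.
Nginx is a very powerful, high-performance web and reverse proxy server with many excellent features:
Under high connection concurrency, Nginx is a good alternative to the Apache server: Nginx is one of the software platforms frequently chosen by people in the virtual hosting business in the United States. It can serve up to 50,000 concurrent connections, thanks to Nginx choosing epoll and kqueue as its development model.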
1.1 Installation
tar -xvf nginx-1.4.2.tar.gz
cd nginx-1.4.2
./configure --prefix=/usr/nginx --with-http_stub_status_module --with-debug --with-http_realip_module --with-http_ssl_module
[root@localhost nginx-1.4.2]# make install
......
test -d '/usr/nginx/logs' || mkdir -p '/usr/nginx/logs'
test -d '/usr/nginx/logs' || mkdir -p '/usr/nginx/logs'
test -d '/usr/nginx/html' || cp -R html '/usr/nginx'
test -d '/usr/nginx/logs' || mkdir -p '/usr/nginx/logs'
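1.2 Checking the number of processes
The number of processes is the same as the number of CPUs shown by top. It is set by the worker_processes parameter in the /usr/local/nginx/conf/nginx.conf configuration file.
worker_processes specifies how many processes nginx starts. According to the official statement, one is generally enough, and starting a few more can reduce the impact of machine I/O. Practice shows that in ordinary cases 4 or 8 is enough for this parameter, and going higher brings little further improvement. Another view is that when nginx starts too many processes, master process scheduling is affected, so CPU usage rises.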
[root@lb-net-2 ~]# ps -eaf|grep nginx
root 2221 1382 0 18:06 pts/0 00:00:00 grep nginx
root 16260 1 0 Jun18 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 16261 16260 0 Jun18 ? 00:01:26 nginx: worker process
nobody 16262 16260 0 Jun18 ? 00:01:32 nginx: worker process
nobody 16263 16260 0 Jun18 ? 00:01:25 nginx: worker process
nobody 16264 16260 0 Jun18 ? 00:01:33 nginx: worker process
nobody 16265 16260 0 Jun18 ? 00:01:32 nginx: worker process
nobody 16266 16260 0 Jun18 ? 00:01:24 nginx: worker process
nobody 16267 16260 0 Jun18 ? 00:01:32 nginx: worker process
nobody 16268 16260 0 Jun18 ? 00:01:23 nginx: worker process
nobody 16269 16260 0 Jun18 ? 00:01:32 nginx: worker process
nobody 16270 16260 0 Jun18 ? 00:01:26 nginx: worker process
nobody 16271 16260 0 Jun18 ? 00:01:32 nginx: worker process
nobody 16272 16260 0 Jun18 ? 00:01:25 nginx: worker process
nobody 16273 16260 0 Jun18 ? 00:01:26 nginx: worker process
nobody 16274 16260 0 Jun18 ? 00:01:32 nginx: worker process
nobody 16275 16260 0 Jun18 ? 00:01:32 nginx: worker process
nobody 16276 16260 0 Jun18 ? 00:01:33 nginx: worker process
nobody 16277 16260 0 Jun18 ? 00:01:24 nginx: worker process
nobody 16278 16260 0 Jun18 ? 00:01:24 nginx: worker process
nobody 16279 16260 0 Jun18 ? 00:01:30 nginx: worker process
nobody 16280 16260 0 Jun18 ? 00:01:24 nginx: worker process
nobody 16281 16260 0 Jun18 ? 00:01:32 nginx: worker process
nobody 16282 16260 0 Jun18 ? 00:01:32 nginx: worker process
nobody 16283 16260 0 Jun18 ? 00:01:25 nginx: worker process
nobody 16284 16260 0 Jun18 ? 00:01:26 nginx: worker process
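2 Configuration file
2.1 Nginx reverse proxy practice
Omitted.
2.2 Nginx Rewrite redirection
Using nginx for redirection.
nginx reference URL: http://blog.sina.com.cn/s/blog_97688f8e0100zws5.html
Syntax: location [=|~|~*|^~] /uri/ { … }
= at the start means an exact match
^~ at the start means the URI begins with a given literal string; think of it as matching the URL path. nginx does not URL-encode the URL, so a request for /static/20%/aa can be matched by the rule ^~ /static/ /aa (note the space).
~ at the start means a case-sensitive regular-expression match
~* at the start means a case-insensitive regular-expression match
!~ and !~* are the case-sensitive and case-insensitive non-matching regular-expression forms, respectively
/ is the generic match; any request matches it.
When several location blocks are configured, the matching order is as follows (taken from reference material and not yet verified in practice; try it and you will know; do not be rigid about it, it is for reference only):
= is matched first, then ^~, then the regular-expression matches in the order they appear in the file, and finally the request is handed to the / generic match. As soon as a match succeeds, matching stops and the request is handled by that rule.
For example, given the following matching rules: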
location = / {
    # Rule A
}
location = /login {
    # Rule B
}
location ^~ /static/ {
    # Rule C
}
location ~ \.(gif|jpg|png|js|css)$ {
    # Rule D
}
location ~* \.png$ {
    # Rule E
}
location !~ \.xhtml$ {
    # Rule F
}
location !~* \.xhtml$ {
    # Rule G
}
location / {
    # Rule H
}
The resulting behaviour is as follows:
Accessing the root /, for example http://localhost/, matches rule A
Accessing http://localhost/login matches rule B; http://localhost/register matches rule H
Accessing http://localhost/static/a.html matches rule C
Accessing http://localhost/a.gif or http://localhost/b.jpg matches rule D and rule E, but rule D comes first in order so rule E has no effect, while http://localhost/static/c.png matches rule C first
Accessing http://localhost/a.PNG matches rule E and not rule D, because rule E is case-insensitive.
Accessing http://localhost/a.xhtml does not match rule F or rule G; http://localhost/a.XHTML does not match rule G, because it is case-insensitive. Rules F and G work by exclusion: a request that fits the pattern is not matched. So think about where this would be used in practice.
Accessing http://localhost/category/id/1111 finally matches rule H, because none of the rules above match. At this point nginx should forward the request to a backend application server such as FastCGI (php) or tomcat (jsp), with nginx acting as a reverse proxy server.
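The walkthrough above can be checked against the selection procedure nginx documents for location blocks. The following is an added Python example, not code from the original post; it models exact match, longest prefix match, the ^~ short-circuit and first-matching regex, which is more detailed than the order summarised above. Rules F and G are left out because the location directive accepts no !~ or !~* modifier, and the /private/ rule sets are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Rules A-E and H from the page, as (name, modifier, pattern), in file order.
# F and G are omitted: "!~" and "!~*" are operators for "if" conditions,
# and the location directive accepts no such modifier.
PAGE_RULES = [
    ("A", "=", "/"),
    ("B", "=", "/login"),
    ("C", "^~", "/static/"),
    ("D", "~", r"\.(gif|jpg|png|js|css)$"),
    ("E", "~*", r"\.png$"),
    ("H", "", "/"),
]

# Hypothetical rule sets (not from the page): a prefix location meant to carry
# "deny all", placed beside the suffix regex from the page's recommended config.
STATIC_RE = r"\.(gif|jpg|jpeg|png|css|js|ico)$"
SHADOWED = [("private", "", "/private/"), ("static", "~*", STATIC_RE), ("app", "", "/")]
PINNED = [("private", "^~", "/private/"), ("static", "~*", STATIC_RE), ("app", "", "/")]


def select_location(url, rules=PAGE_RULES):
    """Return the name of the location nginx would select for url, or None.

    Matching uses the percent-decoded path without the query string. Dot-segment
    and duplicate-slash normalisation, which nginx also performs, is not modelled.
    """
    path = unquote(urlsplit(url).path) or "/"

    best = None  # longest matching prefix location seen so far
    for name, modifier, pattern in rules:
        if modifier == "=":
            if path == pattern:
                return name  # an exact match ends the search immediately
        elif modifier in ("", "^~") and path.startswith(pattern):
            if best is None or len(pattern) > len(best[2]):
                best = (name, modifier, pattern)

    # "^~" on the longest matching prefix disables the regex pass.
    if best is not None and best[1] == "^~":
        return best[0]

    # Regex locations are tried in file order; the first hit wins.
    for name, modifier, pattern in rules:
        if modifier in ("~", "~*"):
            flags = re.IGNORECASE if modifier == "~*" else 0
            if re.search(pattern, path, flags):
                return name

    # No regex matched: fall back to the remembered prefix location.
    return best[0] if best is not None else None


def page_walkthrough():
    """Map each URL discussed on the page to the rule selected for it."""
    urls = [
        "http://localhost/",
        "http://localhost/login",
        "http://localhost/register",
        "http://localhost/static/a.html",
        "http://localhost/a.gif",
        "http://localhost/b.jpg",
        "http://localhost/static/c.png",
        "http://localhost/a.PNG",
        "http://localhost/category/id/1111",
    ]
    return {url: select_location(url) for url in urls}


if __name__ == "__main__":
    for url, rule in page_walkthrough().items():
        print(f"{url:40} -> rule {rule}")
    probe = "http://localhost/private/chart.png"
    print("prefix without ^~:", select_location(probe, SHADOWED))
    print("prefix with ^~:   ", select_location(probe, PINNED))
```

In the SHADOWED set a request under /private/ that ends in .png is handled by the regex location, so access rules written in the prefix block are not applied to it; marking the prefix with ^~ keeps such requests in the prefix block.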
So in practice, I think at least three matching rules should be defined, as follows:
# Match the site root directly. The home page is requested often through the domain name, and this speeds up handling, according to the official site.
# Here the request is forwarded straight to the backend application server; it could also be a static home page.
# First required rule
location = / {
    proxy_pass http://tomcat:8080/index;
}
# The second required rule handles static file requests, which is where nginx is strong as an HTTP server.
# There are two configuration styles, directory matching or suffix matching; use either one or both together.
location ^~ /static/ {
    root /webroot/static/;
}
location ~* \.(gif|jpg|jpeg|png|css|js|ico)$ {
    root /webroot/res/;
}
# The third rule is the generic rule, used to forward dynamic requests to the backend application server.
# Requests that are not for static files are treated as dynamic requests by default; adjust to your own situation.
# After all, with the frameworks popular today, URLs with .php or .jsp suffixes are rare.
location / {
    proxy_pass http://tomcat:8080/;
}
2.3 Rewrite syntax
last – this flag is used in almost all cases.
break – stops the rewrite; matching does not continue
redirect – returns HTTP status 302, a temporary redirect
permanent – returns HTTP status 301, a permanent redirect
1. The following expressions can be used in tests:
-f and !-f test whether a file exists
-d and !-d test whether a directory exists
-e and !-e test whether a file or directory exists
-x and !-x test whether a file is executable
2. The following global variables can be used in tests
Example: http://localhost:88/test1/test2/test.php
$host: localhost
$server_port: 88
$request_uri: http://localhost:88/test1/test2/test.php
$document_uri: /test1/test2/test.php
$document_root: D:\nginx/html
$request_filename: D:\nginx/html/test1/test2/test.php
2.4 Redirect syntax
server {
    listen 80;
    server_name start.igrow.cn;
    index index.html index.php;
    root html;
    if ($http_host !~ "^star\.igrow\.cn$") {
        rewrite ^(.*) http://star.igrow.cn$1 redirect;
    }
}
2.5 Hotlink protection
location ~* \.(gif|jpg|swf)$ {
    valid_referers none blocked start.igrow.cn sta.igrow.cn;
    if ($invalid_referer) {
        rewrite ^/ http://$host/logo.png;
    }
}
2.6 Setting the expiry time by file type
location ~* \.(js|css|jpg|jpeg|gif|png|swf)$ {
    if (-f $request_filename) {
        expires 1h;
        break;
    }
}
2.7 Denying access to a directory
location ~* \.(txt|doc)$ {
    root /data/www/wwwroot/linuxtone/test;
    deny all;
}
Some available global variables:
$args
$content_length
$content_type
$document_root
$document_uri
$host
$http_user_agent
$http_cookie
$limit_rate
$request_body_file
$request_method
$remote_addr
$remote_port
$remote_user
$request_filename
$request_uri
$query_string
$scheme
$server_protocol
$server_addr
$server_name
$server_port
$uri
2.8 Nginx static files (css, js, jpg and other static web resources)
vim /usr/local/nginx/conf/nginx.conf
  server {
        listen       80;
        server_name  localhost;
        open_file_cache max=10000 inactive=60s;
        location /group1/M00 {
            root   /data/fastdfs/data;
            ngx_fastdfs_module;
        }
        location /css {
            root   plocc_static;
            include gzip.conf;
        }
        location /common {
            root   plocc_static;
            include gzip.conf;
        }
  }
2.9 Log files for a project proxied by nginx
Look up the access log settings in the nginx.conf configuration file, as follows:
vim nginx.conf
       location ~* ^/mobileWeb/.*$ {
           include deny.conf;
           proxy_pass http://mobilewebbackend;
           include proxy.conf;
           error_log  logs/mobileweb_error.log error;
           access_log  logs/mobileweb_access.log  main;
           include gzip.conf;
        }
Then check the log files in the logs directory, as follows:
[root@xx logs]# ll /usr/local/nginx/logs/mobileweb*
-rw-r--r--. 1 root root 10946 7月  18 10:36 /usr/local/nginx/logs/mobileweb_access.log
-rw-r--r--. 1 root root  1628 7月  18 10:36 /usr/local/nginx/logs/mobileweb_error.log
3 Adding a startup service
[root@localhost nginx]# cat /etc/init.d/nginx
#!/bin/bash
#chkconfig:2345 70 70
#description:nginx
BIN=/usr/nginx/sbin/nginx
function d_start {
  $BIN || echo -n "nginx is running"
}
function d_stop {
  $BIN -s stop || echo -n "nginx is not running"
}
function d_reload {
  $BIN -s reload || echo -n "nginx reload failed"
}
case $1 in
start)
   echo start nginx
   d_start
;;
stop)
   echo stop nginx
   d_stop
;;
reload)
   echo reload nginx
   d_reload
;;
restart)
   echo restart nginx
   d_stop
   echo sleep 5s
   sleep 5
   d_start
;;
*)
   echo "Usage: nginx [start | stop |reload |restart]"
;;
esac
exit 0
Start it with: service nginx start;
4 Creating the certificate and key
4.1. First generate the server-side private key (key file):
openssl genrsa -des3 -out server.key 2048
Enter pass phrase for server.key:gongsilong0617
4.2. Use server.key to generate a certificate request (CSR):
openssl req -new -key server.key -out server.csr
pass phrase: gongsilong0617
[root@localhost ssl]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:cn
State or Province Name (full name) [Berkshire]:shanghai
Locality Name (eg, city) [Newbury]:shanghai
Organization Name (eg, company) [My Company Ltd]:gongsilong
Organizational Unit Name (eg, section) []:business
Common Name (eg, your name or your server's hostname) []:ops
Email Address []:mch@gongsilong.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:gongsilong0617
An optional company name []:gongsilong
[root@localhost ssl]#
4.3. Run the same commands for the client to generate its key and csr files
openssl genrsa -des3 -out client.key 2048
pass phrase: plclient0618
[root@localhost client]# openssl req -new -key client.key -out client.csr
Enter pass phrase for client.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:cn
State or Province Name (full name) [Berkshire]:shanghai
Locality Name (eg, city) [Newbury]:shanghai
Organization Name (eg, company) [My Company Ltd]:gongsilong
Organizational Unit Name (eg, section) []:business
Common Name (eg, your name or your server's hostname) []:ops
Email Address []:mch@gongsilong.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:plclient0618
An optional company name []:gongsilong
4.4 The generated CSR files must be signed by a CA before they become certificates. Here we create our own CA, which produces a key file ca.key and a root certificate ca.crt
pass phrase: gongsilong0617
[root@localhost ssl]# openssl req -new -x509 -nodes -keyout ca.key -out ca.crt
Generating a 1024 bit RSA private key
.......++++++
................++++++
writing new private key to 'ca.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:cn
State or Province Name (full name) [Berkshire]:shanghai
Locality Name (eg, city) [Newbury]:
writing new private key to 'ca.key'Organization Name (eg, company) [My Company Ltd]:
[root@localhost ssl]# openssl req -new -x509 -keyout ca.key -out ca.crt
Generating a 1024 bit RSA private key
..............++++++
..................................................++++++
writing new private key to 'ca.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:cn
State or Province Name (full name) [Berkshire]:shanghai
Locality Name (eg, city) [Newbury]:shanghai
Organization Name (eg, company) [My Company Ltd]:gongsilong
Organizational Unit Name (eg, section) []:business
Common Name (eg, your name or your server's hostname) []:ops
Email Address []:mch@gongsilong.com
[root@localhost ssl]#
[root@localhost ssl]# mch@gongsilong.com
-bash: mch@gongsilong.com: command not found
[root@localhost ssl]#
Preparation for signing certificates:
[root@mail ssl]# vim /etc/pki/tls/openssl.cnf
#dir            = ../../CA      // change as follows
dir             = /etc/pki/plocc/CA
touch /etc/pki/plocc/CA/{index.txt,serial}
[root@localhost ssl]# ll /etc/pki/plocc/CA/
总计 0
-rw-r--r-- 1 root root 0 06-18 10:47 index.txt
-rw-r--r-- 1 root root 0 06-18 10:47 serial
[root@localhost ssl]# echo 01 > /etc/pki/plocc/CA/serial
[root@localhost ssl]# mkdir /etc/pki/plocc/CA/newcerts
4.5 Use the generated CA certificate (ca.crt) to sign the server.csr and client.csr files created earlier
pass phrase:gongsilong0617
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key
[root@localhost ssl]# openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for ca.key:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jun 18 04:04:09 2014 GMT
            Not After : Jun 18 04:04:09 2015 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = shanghai
            organizationName          = baolong
            organizationalUnitName    = business
            commonName                = ops
            emailAddress              = mch@gongsilong.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                52:6A:D9:56:CB:2B:DA:E3:9A:18:CC:FE:4D:A1:8C:21:86:55:D5:11
            X509v3 Authority Key Identifier:
                keyid:4E:F5:29:7F:6B:AD:11:EF:FC:44:CC:76:1D:B0:B9:F7:4B:9D:CB:93
Certificate is to be certified until Jun 18 04:04:09 2015 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]#
[root@localhost ssl]# openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for ca.key:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 2 (0x2)
        Validity
            Not Before: Jun 18 04:10:40 2014 GMT
            Not After : Jun 18 04:10:40 2015 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = shanghai
            organizationName          = baolong
            organizationalUnitName    = business
            commonName                = ops
            emailAddress              = mch@gongsilong.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                E2:64:97:DC:A6:2B:85:53:5F:6C:5C:8D:1F:EB:59:C8:2C:66:C5:10
            X509v3 Authority Key Identifier:
                keyid:4E:F5:29:7F:6B:AD:11:EF:FC:44:CC:76:1D:B0:B9:F7:4B:9D:CB:93
Certificate is to be certified until Jun 18 04:10:40 2015 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]#
[PS]: Additional features:
Also, this certificate is in BASE64 form; it has to be converted to PKCS12 before it can be installed in IE/Netscape. The conversion is as follows:
Double-click to install
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
This is the certificate format required by iOS
openssl x509 -in client.crt -out client.cer
This is the certificate format required by Android.
[root@mail ssl]# openssl pkcs12 -export -in client.crt -inkey client.key -out  client.pfx
Enter pass phrase for client.key:      // client private key password
Enter Export Password:             // password required when importing the pfx file
Verifying - Enter Export Password:
[root@localhost conf]# service nginx stop
stop nginx
Enter PEM pass phrase:
phrase is too short, needs to be at least 4 chars
Enter PEM pass phrase:
phrase is too short, needs to be at least 4 chars
Enter PEM pass phrase:
Starting nginx with SSL without entering the password by default
If nginx is configured with SSL, you have to type the certificate's password by hand every time nginx starts. If you do not want to enter it, you can run:
cp server.key server.key.orig
openssl rsa -in server.key.orig -out server.key
After this, starting nginx no longer requires entering the password.
[root@localhost ssl]# cp server.key server.key.orig
[root@localhost ssl]# openssl rsa -in server.key.orig -out server.key
Enter pass phrase for server.key.orig:
unable to load Private Key
20487:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:325:
20487:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425:
[root@localhost ssl]#
This was strange: at first it would not go through, but 15 minutes later I ran it again, entered the password, and it passed, as shown below:
[root@localhost ssl]# openssl rsa -in server.key.orig -out server.key
Enter pass phrase for server.key.orig:
writing RSA key
[root@localhost ssl]#
Of course you can also keep the password and use expect instead; for this, see the expect method for automatic SSH login. I will tidy it up and post it next time I have time.
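Because openssl rsa -in server.key.orig -out server.key writes the private key without a passphrase, file permissions become the only protection of server.key on disk. The following added Python example (not part of the original post) classifies the PEM key files in a directory and reports plaintext keys that are accessible beyond their owner. The PEM bodies are constructed placeholders rather than real keys, and the function names are this example's own.

```python
import os
import stat
import tempfile

# Constructed PEM texts: the body is a placeholder, not real key material.
BODY = "Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=\n"
SAMPLES = {
    # Shape of a passphrase-protected key in the traditional PEM format.
    "server.key.orig": "-----BEGIN RSA PRIVATE KEY-----\n"
                       "Proc-Type: 4,ENCRYPTED\n"
                       "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
                       + BODY + "-----END RSA PRIVATE KEY-----\n",
    # Shape of the key after "openssl rsa -in server.key.orig -out server.key".
    "server.key": "-----BEGIN RSA PRIVATE KEY-----\n"
                  + BODY + "-----END RSA PRIVATE KEY-----\n",
    # Certificates are public and are skipped by the audit.
    "server.crt": "-----BEGIN CERTIFICATE-----\n"
                  + BODY + "-----END CERTIFICATE-----\n",
}


def pem_key_state(text):
    """Classify PEM text as 'encrypted', 'plaintext' or 'not-a-key'."""
    lines = [line.strip() for line in text.splitlines()]
    begin = next((l for l in lines
                  if l.startswith("-----BEGIN ") and l.endswith("PRIVATE KEY-----")), None)
    if begin is None:
        return "not-a-key"
    if "ENCRYPTED PRIVATE KEY" in begin:
        return "encrypted"  # PKCS#8 container, encryption is in the structure
    if any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines):
        return "encrypted"  # traditional format, encryption is in the headers
    return "plaintext"


def audit_key_dir(directory):
    """Return {filename: (state, mode, finding)} for each PEM private key found."""
    report = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        with open(path, "r", errors="replace") as handle:
            state = pem_key_state(handle.read())
        if state == "not-a-key":
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if state == "encrypted":
            finding = "passphrase-protected"
        elif mode & 0o077:  # any group or other permission bit is set
            finding = "plaintext key accessible beyond owner"
        else:
            finding = "plaintext key, owner-only"
        report[name] = (state, oct(mode), finding)
    return report


def demo():
    """Audit the constructed files at mode 0644, then again after chmod 0600."""
    with tempfile.TemporaryDirectory() as directory:
        for name, text in SAMPLES.items():
            path = os.path.join(directory, name)
            with open(path, "w") as handle:
                handle.write(text)
            os.chmod(path, 0o644)
        before = audit_key_dir(directory)
        os.chmod(os.path.join(directory, "server.key"), 0o600)
        after = audit_key_dir(directory)
    return before, after


if __name__ == "__main__":
    for label, report in zip(("before", "after"), demo()):
        for name, row in report.items():
            print(label, name, *row)
```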
5 Static file address mapping in nginx
        location = /userWeb/userCenter/findConsultList.htm {
           rewrite ^.*$ http://xx.gongsilong.com/xx/xx/findConsultList.htm;
        }
        # add by tim begin ...
        location ~* ^/svn/(.*) {
           rewrite ^.*$ https://192.123.11.12/$1;
        }
        # add by tim end ..
Source: http://blog.itpub.net/26230597/abstract/1/