[root@martin001 ~]# yum install -y bind-utils
[root@martin001 ~]# dig www.qq.com
ANSWER SECTION:
www.qq.com. 73 IN A 59.37.96.63
www.qq.com. 73 IN A 14.17.42.40
www.qq.com. 73 IN A 14.17.32.211
[root@martin001 ~]# curl -x127.0.0.1:80 www.qq.com
This is the default site.
[root@martin001 ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@martin001 ~]# /usr/local/nginx/sbin/nginx -s reload
[root@martin001 ~]# curl -x127.0.0.1:80 www.qq.com -I
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Fri, 16 Mar 2018 14:24:38 GMT
Content-Type: text/html; charset=GB2312
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding
Expires: Fri, 16 Mar 2018 14:25:38 GMT
Cache-Control: max-age=60
Vary: Accept-Encoding
Vary: Accept-Encoding
X-Cache: HIT from tianjin.qq.com
[root@martin001 conf]# cat /usr/local/nginx/conf/vhost/ssl.conf
server
{
listen 443;
server_name martin.com;
index index.html index.php;
root /data/wwwroot/test.com;
ssl on;
ssl_certificate martin.crt;
ssl_certificate_key martin.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
[root@martin001 conf]# cat /usr/local/nginx/conf/vhost/ssl.conf
server
{
listen 443;
server_name martin.com;
index index.html index.php;
root /data/wwwroot/test.com;
ssl on;
ssl_certificate martin.crt;
ssl_certificate_key martin.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
[root@martin001 conf]# /usr/local/nginx/sbin/nginx -t
[root@martin001 conf]# cd /usr/local/src/nginx-1.12.1
[root@martin001 conf]#./configure --prefix=/usr/local/nginx --with-http_ssl_module
[root@martin001 conf]#make
[root@martin001 conf]#make install
[root@martin001 conf]# /usr/local/nginx/sbin/nginx -t
[root@martin001 conf]# mkdir /data/wwwroot/martin.com
[root@martin001 conf]# vim /data/wwwroot/martin.com/1.php
[root@martin001 conf]# curl https://martin.com
curl: (60) Peer‘s certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn‘t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you‘d like to turn off curl‘s verification of the certificate, use
the -k (or --insecure) option.
12.17 Nginx负载均衡 12.18 ssl原理 12.19 生成ssl密钥对 12.20 N
原文:http://blog.51cto.com/12058686/2087800