1. Use rewrite to rewrite the url: /test/test1/test2/test.html /test.html Normal access: The browser address bar does not change. Temporary redirection: 302 Permanent redirection: 301
Step 1: Preparation->Create the corresponding directories and files
[root@server ~]# mkdir mkdir /www/ip/129 -p [root@server ~]# mkdir test/test1/test2 -p [root@server ~]# echo "hello" > test/test1/test2/test.html [root@server ~]# echo "bye" > /www/ip/129/test.html
Step 2: Create a new virtual host in /etc/nginx/conf.d/multi_site.conf to complete the requirements
#During normal access server { listen 192.168.118.129:9090; server_name rewrite; location/{ root /www/ip/129; index index.html; rewrite ^/test/test1/test2/(.*).html$ /$1.html; } } ? #Temporary redirection server { listen 192.168.118.129:9090; server_name rewrite; location/{ root /www/ip/129; index index.html; rewrite ^/test/test1/test2/(.*).html$ /$1.html redirect; } } ? #Permanent redirect server { listen 192.168.118.129:9090; server_name rewrite; location/{ root /www/ip/129; index index.html; rewrite ^/test/test1/test2/(.*).html$ /$1.html permanent; } }
Step 3: Restart nginx to test whether the mapping is successful
2. Configure nginx to receive https requests
-
Step 1: Generate private key file
[root@server ~]# cd /etc/nginx/ [root@server nginx]# mkdir cert [root@server nginx]# cd cert/ [root@server cert]# openssl genrsa -out ca.key 2048
-
Step 2: Generate public key file
[root@server cert]# openssl rsa -in ca.key -pubout -out ca.pub writing RSA key [root@server cert]# ls -l Total usage 8 -rw------- 1 root root 1704 October 15 20:15 ca.key -rw-r--r-- 1 root root 451 October 15 20:17 ca.pub
-
Step 3: Generate CA application documents
[root@server cert]# openssl req -new -key ca.key -out ca.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:Shaanxi Locality Name (eg, city) [Default City]:Xi'an Organization Name (eg, company) [Default Company Ltd]:CE Organizational Unit Name (eg, section) []:test Common Name (eg, your name or your server's hostname) []:server Email Address []:[email protected] ? Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
-
Step 4: Generate the CA’s self-signed certificate
[root@server cert]# openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt -days 365 [root@server cert]# ls -l Total usage 16 -rw-r--r-- 1 root root 1261 October 15 20:23 ca.crt -rw-r--r-- 1 root root 1025 October 15 20:21 ca.csr -rw------- 1 root root 1704 October 15 20:15 ca.key -rw-r--r-- 1 root root 451 October 15 20:17 ca.pub
-
Step 5: Generate the server’s private key
[root@server cert]# openssl genrsa -out server.key 2048
-
Step 6: Generate server-side certificate application file
[root@server cert]# openssl req -new -key server.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:Shaanxi Locality Name (eg, city) [Default City]:xi'an Organization Name (eg, company) [Default Company Ltd]:CE Organizational Unit Name (eg, section) []:shiyou Common Name (eg, your name or your server's hostname) []:server1 Email Address []:[email protected] ? Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
-
Step 7: Use the CA organization’s ca.crt and ca.key to issue a certificate for the server.csr application file
[root@server cert]# openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650 -out server.crt
-
Step 8: Configure virtual host
[root@server cert]# vim /etc/nginx/conf.d/https.conf server { listen 443 ssl; ssl_certificate cert/server.crt; ssl_certificate_key cert/server.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ? location/{ root /www/https; index index.html; } } [root@server cert]# mkdir /www/https -p [root@server cert]# echo "https" > /www/https/index.html [root@server cert]# nginx -c /etc/nginx/nginx.conf -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@server cert]# systemctl restart nginx
-
Step 9: Test on Windows