linux安装ssl模块,nginx安装http_ssl_module模块,支持https,
赞
踩
nginx安装http_ssl_module模块,支持https,
1,进入源码包,如:
cd /usr/local/nginx-1.15.0/
2,运行nginx -V命令查看已经安装的nginx模块(configure arguments:后面表示当前已经安装的nginx模块)如:
[root@izbp11gsqdkmgt6b1r4kajz ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.15.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module
3,配置nginx参数,加上之前nginx已经安装的模块和http_ssl_module模块,如:
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
4,编译
make
5,备份原有已安装好的nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
6,然后将刚刚编译好的nginx覆盖掉原有的nginx(这个时候nginx要停止状态)
cp ./objs/nginx /usr/local/nginx/sbin/
7,查看安装结果:
[root@iZwz947of4lcxm9pai1f8vZ ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.15.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
8,一个简单的ssl配置demo(同时支持http和https请求)
server {
listen 80;
listen 443 ssl;
#图片路径拦截,定位到图片静态资源
location ~ /uploads/.*$ {
root /www/;
expires 30d;
}
#docker环境配置----------------------------------------
#admin test测试环境
location ^~ /blockchain_admin_test/ {
proxy_pass http://localhost:7112/;
}
#api test测试环境
location ^~ /blockchain_api_test/ {
proxy_pass http://localhost:7012/;
}
ssl_certificate /usr/local/nginx/conf/ssl/cx.blockchain.hyonline.online.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/cx.blockchain.hyonline.online.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
