• nginx 动态添加ssl模块


    一.查看nginx模块

    /usr/local/nginx/sbin/nginx -V

    二.安装openssl包

    yum -y install pcre  pcre-devel zlib  zlib-devel openssl openssl-devel

    三.重新编译nginx源码包,并且生成了新的obj目录

    ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-file-aio --with-http_realip_module

    make ###到此结束, 千万不要make install ,否则会覆盖以前nginx的目录

    四.备份nginx启动程序并且复制新生成obj目录的nginx启动文件

     1.首先备份以前的启动程序

    cp /usr/local/nginx/sbin/nginx nginx.bak

     2.复制obj新生成的启动程序,覆盖到以前的nginx

     cp /usr/local/nginx-1.7.9/objs/nginx  /usr/local/nginx/sbin/nginx 

     3.检测nginx是否有问题,并切坚持模块是否添加成功

    五.添加虚拟主机并且添加ssl域名证书。

     1 server {
     2     listen 80; 
     3     server_name XX;
     4     access_log /usr/local/nginx/logs/jXX_access.log;
     5     error_log  /usr/local/nginx/logs/XX_error.log;
     6     location / { 
     7     proxy_set_header X-Real-IP $remote_addr;
     8         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     9         proxy_set_header Host $http_host;
    10         proxy_set_header X-NginX-Proxy true;
    11         proxy_pass http://XX/;
    12         proxy_redirect off;
    13     }   
    14  #   error_page 500 502 503 504 /50x.html;
    15     #location = /50x.html {
    16      #   root $root_path;
    17    # }   
    18 }
    19 server {
    20     listen 443;
    21     server_name XXX;
    22     ssl on;
    23     ssl_certificate    /usr/local/nginx/conf/cert/214.pem;
    24     ssl_certificate_key   /usr/local/nginx/conf/cert/21.key;
    25     ssl_session_timeout 5m;
    26     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    27     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    28     ssl_prefer_server_ciphers on;    
    29     
    30     location / { 
    31         proxy_set_header X-Real-IP $remote_addr;
    32         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    33         proxy_set_header Host $http_host;
    34         proxy_set_header X-NginX-Proxy true;
    35         proxy_pass http://XXX/;
    36         proxy_redirect off;
    37     }   
    38 
    39     
    40 }

    六.域名访问

  • 相关阅读:
    Fortran编译器之一GUN Fortran安装(Windows XP)
    c++动态绑定的技术实现
    c++标准库比较
    java array
    java常用的基础容器
    mac sublime text 3 add ctags plugin
    git fetch
    查看远程分支的log
    git删除分支
    detached HEAD state
  • 原文地址:https://www.cnblogs.com/zoulixiang/p/10196671.html
Copyright © 2020-2023  润新知