给已经编译安装了的nginx 添加http_ssl_module模块
上一篇 /
下一篇 2016-08-24 17:18:55
/ 个人分类:nginx
环境:centos6.7
因为需要https ,要用到http_ssl_module模块,但http_ssl_module并不属于nginx的基本模块所以自己重新编译添加
1.首先看下内核和系统的版本号。
[root@zabbix ~]# uname -a
Linux zabbix.nnkj.com 2.6.32-573.el6.x86_64 #1 SMP Thu Jul 23 15:44:03 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@zabbix ~]# cat /etc/issue
CentOS release 6.7 (Final)
Kernel \r on an \m
2.看下编译安装nginx的时候,都编译安装的哪些模块。
[root@zabbix ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.8.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx
3.进入之前下载并解压了的源码包目录;重新编译nginx
[root@zabbix nginx-1.8.0]# cd /usr/local/src/nginx-1.8.0
[root@zabbix nginx-1.8.0]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
[root@zabbix nginx-1.8.0]# make
▲这一步千万不能 make install ;不然会把之前已经安装的nginx 覆盖掉
4.需要替换nginx二进制文件,先停止掉nginx进程;备份一下原来的启动脚本。
[root@zabbix nginx-1.8.0]# /etc/init.d/nginx stop
[root@zabbix nginx-1.8.0]# cp /etc/init.d/nginx /etc/init.d/nginx.bak
[root@zabbix nginx-1.8.0]# cp objs/nginx /usr/local/nginx/sbin/
cp: overwrite `/usr/local/nginx/sbin/nginx'? yes
5.查看nginx的模块,看下是否把需要的模块编译进去了
[root@zabbix ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.8.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
6.重新启动nginx;
[root@zabbix nginx-1.8.0]# /etc/init.d/nginx start
Starting Nginx:[OK]
[root@zabbix nginx-1.8.0]# netstat -lnp|grep nginx //查看是否正常监听80端口
问题:
[root@FWD_YF_145_244 nginx-1.5.7]# /etc/init.d/nginx start
Starting nginx... nginx: [emerg] PEM_read_bio_X509_AUX("/usr/local/nginx/conf/cloudxns.net.csr") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
failed
说明cloudxns.net.csr证书不对,应该是cloudxns.net.crt.拷贝到相应目录下就行。
nginx.conf配置:
# HTTPS server
#
server {
listen 443;
server_name www.fastwebtest;
ssl on;
#ssl_certificate cert.pem;
#ssl_certificate_key cert.key;
ssl_certificate /usr/local/nginx/conf/cloudxns.net.crt;
ssl_certificate_key /usr/local/nginx/conf/cloudxns.net.key;
#ssl_session_timeout 5m;
#ssl_protocols SSLv2 SSLv3 TLSv1;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
转载:http://www.itnpc.com/news/web/146771636486934.html
收藏
举报
TAG: