今天再做nginx下https配置的时候,配置完nginx重启的时候,报了如下错误:
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf:112
原因也很简单,nginx缺少http_ssl_module
模块,编译安装的时候带上--with-http_ssl_module
配置就行了,但是现在的情况是我的nginx已经安装过了,怎么添加模块,其实也很简单,往下看:
1.在 /usr/local/src/
目录下添加安装包 nginx-1.17.9.tar.gz,并解压:tar zxvf nginx-1.17.9.tar.gz
2.切换到源码包
cd /usr/local/src/nginx-1.17.9
添加新配置
bash ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
运行完之后,在 make
一下,这里不要进行 make install
,否则就是覆盖安装了
3.备份已安装好的nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
4.停止正在运行的所有nginx进程
5.将刚刚编译好的 nginx 覆盖原有的nginx
cp ./objs/nginx /usr/local/nginx/sbin/
系统会提供是否覆盖,输入 yes 即可
6.启动nginx,并查看 ssl 模块添加是否成功
启动:
/usr/local/nginx/sbin/nginx
或
cd /usr/local/nginx/sbin
然后 ./nginx
查看启动状态:
/usr/local/nginx/sbin/nginx -V
nginx.conf 配置:
server {
listen 80;
server_name wxiaoxin.top;
#把http的请求重定向到https的请求
rewrite ^(.*)$ https://$host$1 permanent;
#return 301 https://wxiaoxin.top$request_uri;
}
server {
listen 443 ssl;
server_name wxiaoxin.top;
ssl on;
ssl_certificate /software/data/3913039_www.wxiaoxin.top.pem;
ssl_certificate_key /software/data/3913039_www.wxiaoxin.top.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://wxiaoxin.top:8443;
# root html;
# index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}