一.查看nginx版本
/usr/local/nginx/sbin/nginx -V
如果本地安装的源码包已经删除,可以按照上面查到的信息去下载对应版本的源码包
二.安装openssl包
yum -y install pcre pcre-devel zlib zlib-devel openssl openssl-devel
三.重新编译nginx源码包
1.重新配置nginx安装信息
注意上面检测时在configure arguemnts后面的配置也要带上,否则会丢失之前的配置
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-file-aio --with-http_realip_module
2.重新make
make
只需执行make, 千万不要make install ,否则会覆盖以前nginx的目录
make后在objs下生成了新的nginx执行脚本,进入objs目录可以用 ./nginx -V 去检查新生成的nginx脚本
四.复制新生成objs目录的nginx启动文件
1.首先备份以前的启动程序
cp /usr/local/nginx/sbin/nginx nginx.bak
2.复制obj新生成的启动程序,覆盖到以前的nginx
cp /usr/local/nginx-1.7.9/objs/nginx /usr/local/nginx/sbin/nginx
3.检测nginx是否有问题,并查看模块是否添加成功
五.添加虚拟主机并且添加ssl域名证书。
server {
listen 80;
server_name XX;
access_log /usr/local/nginx/logs/jXX_access.log;
error_log /usr/local/nginx/logs/XX_error.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://XX/;
proxy_redirect off;
}
# error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root $root_path;
# }
}
server {
listen 443;
server_name XXX;
ssl on;
ssl_certificate /usr/local/nginx/conf/cert/214.pem;
ssl_certificate_key /usr/local/nginx/conf/cert/21.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://XXX/;
proxy_redirect off;
}
}
六.访问检查