下载Nginx源码:
http://nginx.org/en/download.html
解压源码,并进入文件夹:
# 下载
wget http://nginx.org/download/nginx-1.17.5.tar.gz
# 解压
tar -zxvf nginx-1.17.5.tar.gz
# 进入目录
cd nginx-1.17.5
配置增加SSL模块:
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
编译:
make
安装:
sudo make install
安装完成后,可以在"/usr/local/nginx/conf/nginx.conf"下找到配置文件。修改配置文件server部分,如下:
# http跳转到https
server {
listen 80;
server_name www.tfwcn.wang;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
# listen 80; # 可以与http兼容
listen 443 ssl;
server_name www.xxx.com; # 域名
ssl_certificate cert.pem; # 证书,绝对路径
ssl_certificate_key cert.key; # 证书,绝对路径
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
root html; # 网站绝对路径
index index.html index.htm;
}
}
启动Nginx:
# 启动Nginx
nginx
# 停止Nginx
nginx -s stop
# 重新加载配置
nginx -s reload