再nginx开启ssl时,启动报这样的问题:
nginx: [emerg] the “ssl” parameter requires ngx_http_ssl_mod
那就是需要添加http_ssl_module模块。流程如下:
1.进入源文件目录
cd /usr/local/src/nginx-1.8.0
2.编译安装nginx时,已安装模块
[root@lamb ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.15.8
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx
3.重新编译nginx
[root@lamb nginx-1.15.8]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
千万千万不能 make install ;否则会把之前已经安装的nginx 覆盖掉
4.备份原有已安装好的nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
5.把新的nginx程序覆盖旧的
cp objs/nginx /usr/local/nginx/sbin/nginx
如果提示“cp:cannot create regular file `/usr/local/nginx/sbin/nginx’: Text file busy”
建议使用如下语句cp
cp -rfp objs/nginx /usr/local/nginx/sbin/nginx
5.验证并重启新程序
验证:
[root@localhost /]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.15.8
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
ok,添加成功。
6.重新启动
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
附注:
Nginx SSL性能调优
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;