1. 使用ssl模块配置https支持
nginx进行编译,添加ssl模块:--with-http_ssl_module
1)编译安装nginx:
[root@nginx2 nginx]# ls
nginx-1.15.9.tar.gz nginx-1.17.4 nginx-1.17.4.tar.gz
[root@nginx2 nginx]# cd nginx-1.17.4/
[root@nginx2 nginx-1.17.4]# ./configure --prefix=/usr/local/nginx --with-http_ssl_module
Configuration summary
+ using system PCRE library
+ using system OpenSSL library
+ using system zlib library
[root@nginx2 nginx-1.17.4]# make && make install
[root@nginx2 nginx-1.17.4]# echo $?
0
2)修改ngixn配置文件:
[root@nginx2 nginx-1.17.4]# cd
[root@nginx2 ~]# cd /usr/local/nginx/conf/
[root@nginx2 conf]# vim nginx.conf
# HTTPS server
#
server {
listen 443 ssl;
server_name www.song.com;
ssl_certificate cert.pem;
ssl_certificate_key cert.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /web;
index index.html index.htm;
}
3)生成自签名证书:
[root@nginx2 ~]# cd /etc/pki/tls/certs/
[root@nginx2 certs]# ls
ca-bundle.crt ca-bundle.trust.crt make-dummy-cert Makefile renew-dummy-cert
[root@nginx2 certs]