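This continues my previous post: https://mp.csdn.net/postedit/89552568. The changes in this post are made to the nginx.conf file as it stood at the end of that post. (When installing nginx 1.14 with the http_realip_module, http_image_filter_module=dynamic and http_ssl_module modules in this post, "make install" is not run, so nginx.conf is still the previously configured file.)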
I. Lab environment (RHEL 7.3)
1. SELinux and firewalld are both disabled
2. Host information:
Host | IP |
---|---|
server1 | 172.25.83.1 |
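II. Installing nginx 1.14 with the http_realip_module, http_image_filter_module=dynamic and http_ssl_module modules
Preparation:
- Stop the nginx service that was started earlier
- Clear the previous build (delete the Makefile and the objs directory generated by the earlier nginx build)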
[root@server1 ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.14.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
configure arguments: --prefix=/usr/local/nginx --with-http_realip_module --with-http_image_filter_module=dynamic # The previously installed nginx 1.14 was built with the http_realip_module and http_image_filter_module modules
[root@server1 ~]# /usr/local/nginx/sbin/nginx -s stop
[root@server1 ~]# cd nginx-1.14.2/
[root@server1 nginx-1.14.2]# make clean
rm -rf Makefile objs
Install nginx 1.14 with the http_realip_module, http_image_filter_module=dynamic and http_ssl_module modules:
[root@server1 nginx-1.14.2]# yum install openssl-devel -y # Install openssl-devel, a dependency that configure needs
[root@server1 ~]# cd nginx-1.14.2/
[root@server1 nginx-1.14.2]# ./configure --prefix=/usr/local/nginx --with-http_realip_module --with-http_image_filter_module=dynamic --with-http_ssl_module # Run configure
[root@server1 nginx-1.14.2]# ls # The Makefile and the objs directory have been generated
auto CHANGES.ru configure html Makefile objs src
CHANGES conf contrib LICENSE man README
[root@server1 nginx-1.14.2]# vim objs/ngx_modules.c # The statically compiled modules can be checked in objs/ngx_modules.c. http_realip_module and http_ssl_module are listed there, but http_image_filter_module is not, because it is built as a dynamic module
&ngx_http_realip_module, # http_realip_module is listed
&ngx_http_ssl_module, # http_ssl_module is listed
[root@server1 nginx-1.14.2]# make # Compile
[root@server1 nginx-1.14.2]# cd objs/
[root@server1 objs]# ls # The http_image_filter_module module can be seen in this directory
autoconf.err ngx_http_image_filter_module_modules.c
Makefile ngx_http_image_filter_module_modules.o
nginx ngx_http_image_filter_module.so
nginx.8 ngx_modules.c
ngx_auto_config.h ngx_modules.o
ngx_auto_headers.h src
[root@server1 objs]# mkdir /usr/local/nginx/modules # Create a modules directory to hold the http_image_filter_module module
[root@server1 objs]# cp ngx_http_image_filter_module.so /usr/local/nginx/modules/
cp: overwrite ‘/usr/local/nginx/modules/ngx_http_image_filter_module.so’? y
[root@server1 nginx-1.14.2]# cp objs/nginx /usr/local/nginx/sbin/nginx # Copy the newly built nginx binary to /usr/local/nginx/sbin/ (overwriting the nginx file already in that directory)
cp: overwrite ‘/usr/local/nginx/sbin/nginx’? y
[root@server1 nginx-1.14.2]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.14.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_realip_module --with-http_image_filter_module=dynamic --with-http_ssl_module # The modules added at build time are listed
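III. HTTPS configuration
[root@server1 ~]# vim /usr/local/nginx/conf/nginx.conf # Uncomment the default HTTPS server block that ships in nginx.conf (lines 116-135); change localhost on line 120 to xin.westos.org, change cert.key on line 123 to cert.pem, and change html on line 132 to /web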
116     # HTTPS server
117     #
118     server {
119         listen 443 ssl;
120         server_name xin.westos.org;
121
122         ssl_certificate cert.pem;
123         ssl_certificate_key cert.pem;
124
125         ssl_session_cache shared:SSL:1m;
126         ssl_session_timeout 5m;
127
128         ssl_ciphers HIGH:!aNULL:!MD5;
129         ssl_prefer_server_ciphers on;
130
131         location / {
132             root /web;
133             index index.html index.htm;
134         }
135     }
[root@server1 ~]# cd /etc/pki/tls/certs/
[root@server1 certs]# make cert.pem # The names here can be chosen freely
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:linux
Organizational Unit Name (eg, section) []:redhat
Common Name (eg, your name or your server's hostname) []:server1
Email Address []:root@localhost
[root@server1 certs]# ls # The cert.pem file has been generated
ca-bundle.crt cert.pem Makefile
ca-bundle.trust.crt make-dummy-cert renew-dummy-cert
[root@server1 certs]# cp cert.pem /usr/local/nginx/conf/
[root@server1 ~]# /usr/local/nginx/sbin/nginx # With the configuration complete, start the nginx service
Browser verification: https://www.westos.org
[root@foundation83 ~]# vim /etc/hosts # Add a local hosts entry on the physical host
172.25.83.1 xin.westos.org
Click "Add Exception"
Click "Confirm Security Exception"
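A check to run before starting nginx with the configuration above, as an added example that is not part of the original post. Both ssl_certificate and ssl_certificate_key point at cert.pem, so that one file has to hold the private key as well as the certificate and should be readable only by its owner; the function names and the sample files built by make_sample are constructed for illustration.

```bash
#!/bin/sh
# Print the first active (uncommented) value of a directive in a config file.
directive_value() {
    awk -v d="$1" '$1 == d { sub(/;$/, "", $2); print $2; exit }' "$2"
}

# Relative certificate paths are resolved against nginx's configuration prefix,
# assumed here to be the directory that holds nginx.conf.
resolve_path() {
    case "$1" in
        /*) printf '%s\n' "$1" ;;
        *)  printf '%s/%s\n' "$(dirname "$2")" "$1" ;;
    esac
}

# audit_tls_files <nginx.conf>: prints findings; exit status is the finding count.
audit_tls_files() {
    conf=$1; findings=0
    cert=$(directive_value ssl_certificate "$conf")
    key=$(directive_value ssl_certificate_key "$conf")
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "FAIL: ssl_certificate or ssl_certificate_key is not set in $conf"
        return 1
    fi
    cert=$(resolve_path "$cert" "$conf"); key=$(resolve_path "$key" "$conf")
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
        { echo "FAIL: no certificate block in $cert"; findings=$((findings + 1)); }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null ||
        { echo "FAIL: no private key block in $key"; findings=$((findings + 1)); }
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    if [ -e "$key" ] && [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or others (chmod 600)"
        findings=$((findings + 1))
    fi
    if [ "$cert" = "$key" ]; then echo "NOTE: key and certificate share $key"; fi
    return "$findings"
}

# Constructed sample: a conf directory shaped like this post's, placeholder PEM bodies.
make_sample() {
    mkdir -p "$1"
    printf '%s\n' 'server {' '    listen 443 ssl;' '    ssl_certificate cert.pem;' '    ssl_certificate_key cert.pem;' '}' > "$1/nginx.conf"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' 'BBBB' '-----END CERTIFICATE-----' > "$1/cert.pem"
    chmod 644 "$1/cert.pem"
}

# When run with an argument, audit that file, e.g. /usr/local/nginx/conf/nginx.conf.
[ $# -eq 0 ] || audit_tls_files "$1"
```

The check looks only at file structure and permissions; it does not validate the certificate itself.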