1. Check the original compile options:
# nginx -V
nginx version: nginx/1.14.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC)
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module
2. Add the SSL module to Nginx, recompile, and overwrite the original nginx executable
Change into the nginx source directory
# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
If the following message appears, an additional package must be installed
checking for OpenSSL library ... not found
checking for OpenSSL library in /usr/local/ ... not found
checking for OpenSSL library in /usr/pkg/ ... not found
checking for OpenSSL library in /opt/local/ ... not found
./configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using --with-openssl=<path> option.
Install openssl-devel
# yum install openssl-devel
The following error may appear:
Error: Multilib version problems found. This often means that the root
cause is something else and multilib version checking is just
pointing out that there is a problem. Eg.:
1. You have an upgrade for openssl which is missing some
dependency that another package requires. Yum is trying to
solve this by installing an older version of openssl of the
different architecture. If you exclude the bad architecture
yum will tell you what the root cause is (which package
requires what). You can try redoing the upgrade with
--exclude openssl.otherarch ... this should give you an error
message showing the root cause of the problem.
2. You have multiple architectures of openssl installed, but
yum can only see an upgrade for one of those arcitectures.
If you don't want/need both architectures anymore then you
can remove the one with the missing update and everything
will work.
3. You have duplicate versions of openssl installed already.
You can use "yum check" to get yum show these errors.
...you can also use --setopt=protected_multilib=false to remove
this checking, however this is almost never the correct thing to
do as something else is very likely to go wrong (often causing
much more problems).
Protected multilib versions: openssl-1.0.1e-48.el6.i686 != openssl-1.0.1e-48.el6_8.4.x86_64
Temporary workaround:
# yum downgrade openssl
# yum install openssl-devel
Compile and overwrite the original executable
# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
# make
# cp objs/nginx /usr/local/nginx/sbin/
3. Generate a self-signed certificate
# mkdir -p /etc/nginx/https
# cd /etc/nginx/https
# openssl genrsa -des3 -out ssl.key 2048
# mv ssl.key xxx.key
# openssl rsa -in xxx.key -out ssl.key
# rm xxx.key
Then generate a certificate signing request (CSR) from this key file
# openssl req -new -key ssl.key -out ssl.csr
# openssl x509 -req -days 3650 -in ssl.csr -signkey ssl.key -out ssl.crt
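The steps above can be collapsed into one openssl req -x509 call and then checked before nginx is pointed at the files. The script below is an added example, not part of the original post: it creates an unencrypted 2048-bit key and a SHA-256 self-signed certificate, then verifies the key size, that key and certificate belong together, and that the key is readable by its owner only. The function names, the temporary directory and the CN test.example are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. OUT_DIR and CN are assumed values.

# Create ssl.key (unencrypted, 2048-bit RSA) and ssl.crt (self-signed, SHA-256).
gen_selfsigned() {
    out_dir=$1; cn=$2; rc=0
    mkdir -p "$out_dir" || return 1
    old_umask=$(umask)
    umask 077                      # key file must not be group/world readable
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=$cn" \
        -keyout "$out_dir/ssl.key" -out "$out_dir/ssl.crt" 2>/dev/null || rc=1
    umask "$old_umask"
    return "$rc"
}

# Print the RSA modulus size recorded in a certificate, e.g. 2048.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if the certificate carries the public half of the private key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if the key file has no group/other permission bits set.
key_is_private() {
    case $(ls -l "$1" | cut -c5-10) in
        ------) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo in a throwaway directory (constructed values).
OUT_DIR=$(mktemp -d)
CN=test.example
gen_selfsigned "$OUT_DIR" "$CN" &&
    echo "bits=$(cert_key_bits "$OUT_DIR/ssl.crt")" &&
    key_matches_cert "$OUT_DIR/ssl.key" "$OUT_DIR/ssl.crt" && echo "key matches cert" &&
    key_is_private "$OUT_DIR/ssl.key" && echo "key is owner-only"
rm -rf "$OUT_DIR"
```

Running key_matches_cert and key_is_private against /etc/nginx/https/ssl.key and ssl.crt before reloading nginx catches a mismatched pair or a world-readable key early.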
4. Configure SSL in nginx
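server {
    listen xxx;
    server_name xx.xx.xx.xx;
    # "ssl on" is valid on nginx 1.14.0 (the version used here); since 1.15.0 it is
    # deprecated in favour of the "ssl" parameter of the listen directive.
    ssl on;
    ssl_certificate /etc/nginx/https/ssl.crt;
    ssl_certificate_key /etc/nginx/https/ssl.key;
    # ...
}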