Nginx from build to configuration support HTTPS

Last Update:2018-06-25 Source: Internet

Author: User

Tags openssl openssl rsa

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Install the base package

Ububtu

apt-get install build-essentialapt-get install libtool

Centos

yum -y install gcc automake autoconf libtool makeyum install gcc gcc-c++

Go to the installation directory

cd /usr/local/src

Install PCRE support Regular expression to enable Nginx to support Rewrite function

Installing zlib supports data compression

wget http://zlib.net/zlib-1.2.11.tar.gztar -zxvf zlib-1.2.11.tar.gzcd zlib-1.2.11./configuremakemake install

Installing OpenSSL supports HTTPS

wget https://www.openssl.org/source/openssl-1.1.1-pre7.tar.gztar -zxvf openssl-1.1.1-pre7.tar.gzcd openssl-1.1.1-pre7./configuremakemake install

Nginx

wget http://nginx.org/download/nginx-1.14.0.tar.gztar -zxvf nginx-1.14.0.tar.gzcd nginx-1.14.0./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_modulemakemake install

Configuration

Configuration file Address

/usr/local/nginx/conf/nginx.conf

Use

Command

/usr/local/nginx/sbin/nginx                      # 启动 Nginx/usr/local/nginx/sbin/nginx -t                   # 检查 Nginx 配置文件正确性/usr/local/nginx/sbin/nginx -s reload            # 重新载入配置文件/usr/local/nginx/sbin/nginx -s reopen            # 重启 Nginx/usr/local/nginx/sbin/nginx -s stop              # 停止 Nginx

Process shutdown

# 查看进程号ps -ef|grep nginx# 正常退出kill -QUIT 进程号# 快速停止kill -TERM 进程号kill -INT 进程号# 强制退出kill -KILL nginx

Generate CER certificates to support HTTPS generation of CER certificates

# Enter the directory where the certificate is stored/usr/local/nginx/conf/ssl# Create server certificate key file Server.key private key OpenSSL genrsa-des3-out server.key 1024# Enter password, confirm password,  A certificate (CSR) that is used to create the signing request is followed by the # Req-new-key server.key-out server.csr# output is: # Enter pass phrase for root.key:← Enter the password created earlier # Country Name (2 letter code) [au]:cn← Country Code, China input cn# State or province name (full name) [some-state]:beijing← Province, Pinyin # Locality name (eg, city) []:beijing← 's full name, Pinyin # Organization name (eg, company) [Internet widgits Pty ltd]:mycompany Corp. ← Company English Name # organizational Unit name (eg, section) []:← can not enter # Common name (eg, YOUR name) []:← do not enter # e-mail Address at this time []:[em Ail protected]← e-mail address, you can fill in the # Please enter the following ' extra ' attributes#-be-sent with your certificate request# A Challenge Password []:← can not enter # A optional company name []:← can not enter # Backup server key file CP server.key server.key.org# remove file password, generate public key OpenSSL rsa-in server.key.org-out server.key# enter pass phrase for server.key.org:← Enter the password created earlier # Generate a certificate file Server.crtopenss L X509-req-days 365-in ServEr.csr-signkey Server.key-out SERVER.CRT

Configure HTTPS

# /usr/local/nginx/conf/nginx.conf## HTTPS server configuration#server {    listen       443 ssl;  # ssl 端口    server_name  www.xingkongbj.com xingkongbj.com;  # 域名    ssl                  on;  # 开启 ssl    ssl_certificate      ssl/server.crt;    ssl_certificate_key  ssl/server.key;    ssl_session_timeout  5m;#    ssl_protocols  SSLv2 SSLv3 TLSv1;#    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;#    ssl_prefer_server_ciphers   on;    location / {     proxy_redirect off;  # 禁止跳转     proxy_set_header Host $host;     proxy_set_header X-Real-IP $remote_addr;     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;     proxy_pass http://98.142.138.177/;    }}

# nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf# 原因是nginx缺少http_ssl_module模块，编译安装时带上--with-http_ssl_module配置就可以了# 切换到nginx源码包cd cd /usr/local/src/nginx-1.14.0/# 查看 ngixn 原有的模块/usr/local/nginx/sbin/nginx -V# 重新配置./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module# 重新编译，不需要 make  install 安装。否则会覆盖make# 备份原有已经安装好的 nginxcp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bakcp /usr/local/nginx/conf/nginx.conf /usr/local/nginx.conf# 将刚刚编译好的 nginx 覆盖掉原来的 nginx(ngixn必须停止)cp ./objs/nginx /usr/local/nginx/sbin/ # 这时，会提示是否覆盖，请输入yes，直接回车默认不覆盖# 启动 nginx，查看 nginx 模块，发现已经添加/usr/local/nginx/sbin/nginx -V/usr/local/nginx/sbin/nginx -t/usr/local/nginx/sbin/nginx

Nginx from build to configuration support HTTPS

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More