Nginx starts the SSL feature and optimizes the functionality, you see, that's enough.
One: Start Nginx SSL Module
1.1 Nginx If SSL module is not open, prompt for error when configuring HTTPS
Nginx: [Emerg] the "SSL" parameter requires Ngx_http_ssl_module in/usr/local/nginx/conf/nginx.conf:37
The reason is also very simple, Nginx missing http_ssl_module module, compile the installation time with--with-http_ssl_module configuration on the line, but now the situation is my nginx has been installed, how to add modules, in fact, is also very simple, look down: To make a note: My Nginx installation directory is/usr/local/nginx this directory, my source code package in the/usr/local/src/nginx-1.6.2 directory
1.2 Nginx Open SSL module
Switch to Source package:
cd/usr/local/src/nginx-1.11.3
View Nginx's original module
/usr/local/nginx/sbin/nginx-v
The Configure arguments: The original configure parameters shown later are as follows:
--prefix=/usr/local/nginx--with-http_stub_status_module
So our new configuration information should be written like this:
./configure--prefix=/usr/local/nginx--with-http_stub_status_module--with-http_ssl_modul
Run the above command, etc configured
When the configuration is complete, run the command
Do not make install here, otherwise you will overwrite the installation
Then back up the original installed Nginx
Cp/usr/local/nginx/sbin/nginx/usr/local/nginx/sbin/nginx.bak
Then overwrite the nginx with the original Nginx (this time nginx to stop State)
CP./objs/nginx/usr/local/nginx/sbin/
Then start Nginx, and still be able to see if the success has been added by command
/usr/local/nginx/sbin/nginx-v
Nginx Configure HTTP and HTTPS coexistence
server {
listen default backlog=2048;
Listen 443 SSL;
server_name wosign.com;
root/var/www/html;
SSL_CERTIFICATE/USR/LOCAL/TENGINE/SSLCRT/WOSIGN.COM.CRT;
Ssl_certificate_key/usr/local/tengine/sslcrt/wosign.com. Key;
}
Put SSL on; this line is removed and SSL is written behind port 443. So that the HTTP and HTTPS links can be used
Nginx Configure SSL Security certificate restart to avoid entering passwords
You can do this with the private key. Generate a decrypted key file instead of the original key file.
OpenSSL rsa-in server.key-out server.key.unsecure
Nginx SSL Performance Tuning
Ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Ssl_ciphers ecdhe-rsa-aes256-sha384:aes256-sha256:rc4:high:! md5:!anull:!enull:! Null:! Dh:! edh:! AESGCM;
Ssl_prefer_server_ciphers on;
Ssl_session_cache shared:ssl:10m;
Ssl_session_timeout 10m;
Thank you for reading, I hope to help you, thank you for your support for this site!