Nginx to start the SSL feature and perform a detailed description of the function optimization _linux

Source: Internet
Author: User
Tags openssl rsa nginx ssl

Nginx starts the SSL feature and optimizes the functionality, you see, that's enough.

One: Start Nginx SSL Module

1.1 Nginx If SSL module is not open, prompt for error when configuring HTTPS

Nginx: [Emerg] the "SSL" parameter requires Ngx_http_ssl_module in/usr/local/nginx/conf/nginx.conf:37

The reason is also very simple, Nginx missing http_ssl_module module, compile the installation time with--with-http_ssl_module configuration on the line, but now the situation is my nginx has been installed, how to add modules, in fact, is also very simple, look down: To make a note: My Nginx installation directory is/usr/local/nginx this directory, my source code package in the/usr/local/src/nginx-1.6.2 directory

1.2 Nginx Open SSL module

Switch to Source package:

cd/usr/local/src/nginx-1.11.3

View Nginx's original module

/usr/local/nginx/sbin/nginx-v

The Configure arguments: The original configure parameters shown later are as follows:

--prefix=/usr/local/nginx--with-http_stub_status_module

So our new configuration information should be written like this:

./configure--prefix=/usr/local/nginx--with-http_stub_status_module--with-http_ssl_modul

Run the above command, etc configured

When the configuration is complete, run the command

Make

Do not make install here, otherwise you will overwrite the installation

Then back up the original installed Nginx

Cp/usr/local/nginx/sbin/nginx/usr/local/nginx/sbin/nginx.bak

Then overwrite the nginx with the original Nginx (this time nginx to stop State)

CP./objs/nginx/usr/local/nginx/sbin/

Then start Nginx, and still be able to see if the success has been added by command

/usr/local/nginx/sbin/nginx-v

Nginx Configure HTTP and HTTPS coexistence

server {
      listen default backlog=2048;
      Listen 443 SSL;
      server_name wosign.com;
      root/var/www/html;
 
      SSL_CERTIFICATE/USR/LOCAL/TENGINE/SSLCRT/WOSIGN.COM.CRT;
      Ssl_certificate_key/usr/local/tengine/sslcrt/wosign.com. Key;
    }

Put SSL on; this line is removed and SSL is written behind port 443. So that the HTTP and HTTPS links can be used

Nginx Configure SSL Security certificate restart to avoid entering passwords

You can do this with the private key. Generate a decrypted key file instead of the original key file.

OpenSSL rsa-in server.key-out server.key.unsecure

Nginx SSL Performance Tuning

Ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Ssl_ciphers ecdhe-rsa-aes256-sha384:aes256-sha256:rc4:high:! md5:!anull:!enull:! Null:! Dh:! edh:! AESGCM;
Ssl_prefer_server_ciphers on;
Ssl_session_cache shared:ssl:10m;
Ssl_session_timeout 10m;

Thank you for reading, I hope to help you, thank you for your support for this site!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.