Nginx to start the SSL feature and perform a detailed description of the function optimization _linux

Nginx starts the SSL feature and optimizes the functionality, you see, that's enough.

One: Start Nginx SSL Module

1.1 Nginx If SSL module is not open, prompt for error when configuring HTTPS

Nginx: [Emerg] the "SSL" parameter requires Ngx_http_ssl_module in/usr/local/nginx/conf/nginx.conf:37

The reason is also very simple, Nginx missing http_ssl_module module, compile the installation time with--with-http_ssl_module configuration on the line, but now the situation is my nginx has been installed, how to add modules, in fact, is also very simple, look down: To make a note: My Nginx installation directory is/usr/local/nginx this directory, my source code package in the/usr/local/src/nginx-1.6.2 directory

1.2 Nginx Open SSL module

Switch to Source package:

cd/usr/local/src/nginx-1.11.3

View Nginx's original module

/usr/local/nginx/sbin/nginx-v

The Configure arguments: The original configure parameters shown later are as follows:

--prefix=/usr/local/nginx--with-http_stub_status_module

So our new configuration information should be written like this:

./configure--prefix=/usr/local/nginx--with-http_stub_status_module--with-http_ssl_modul

Run the above command, etc configured

When the configuration is complete, run the command

Make

Do not make install here, otherwise you will overwrite the installation

Then back up the original installed Nginx

Cp/usr/local/nginx/sbin/nginx/usr/local/nginx/sbin/nginx.bak

Then overwrite the nginx with the original Nginx (this time nginx to stop State)

CP./objs/nginx/usr/local/nginx/sbin/

Then start Nginx, and still be able to see if the success has been added by command

/usr/local/nginx/sbin/nginx-v

Nginx Configure HTTP and HTTPS coexistence

server {
      listen default backlog=2048;
      Listen 443 SSL;
      server_name wosign.com;
      root/var/www/html;
 
      SSL_CERTIFICATE/USR/LOCAL/TENGINE/SSLCRT/WOSIGN.COM.CRT;
      Ssl_certificate_key/usr/local/tengine/sslcrt/wosign.com. Key;
    }

Put SSL on; this line is removed and SSL is written behind port 443. So that the HTTP and HTTPS links can be used

Nginx Configure SSL Security certificate restart to avoid entering passwords

You can do this with the private key. Generate a decrypted key file instead of the original key file.

OpenSSL rsa-in server.key-out server.key.unsecure

Nginx SSL Performance Tuning

Ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Ssl_ciphers ecdhe-rsa-aes256-sha384:aes256-sha256:rc4:high:! md5:!anull:!enull:! Null:! Dh:! edh:! AESGCM;
Ssl_prefer_server_ciphers on;
Ssl_session_cache shared:ssl:10m;
Ssl_session_timeout 10m;

Thank you for reading, I hope to help you, thank you for your support for this site!