概述
一、Nginx安装http_ssl_module模块
Nginx如果未开启SSL模块,配置Https时提示错误。
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf:xxx
nginx缺少http_ssl_module模块,编译安装的时候带上–with-http_ssl_module配置就行了。
本场景是服务器已经安装过nginx,但是未安装http_ssl_module。
1.进入到源码包,如:
cd /app/download/nginx-1.12.2
2.configure:
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
3.make
make
4.不需要执行make install,否则就覆盖安装了。
5.备份原有的nginx,如:
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx_bak
6.然后将刚刚编译好的nginx覆盖掉原有的nginx(nginx需要停止)
cp ./objs/nginx /usr/local/nginx/sbin/
7.查看安装情况:
/usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
二、nginx配置https
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
upstream tomcat {
server 127.0.0.1:8801 weight=1;
server 127.0.0.1:8802 weight=1;
}
#gzip on;
server {
listen 8124;
server_name aaa.bbb.cn;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
#root html;
#index index.html index.htm;
proxy_pass http://tomcat;
#proxy_redirect default;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ .php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ .php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
server {
#SSL 访问端口号为 443,也可自己配置,我配置的为8123
listen 8123;
#填写绑定证书的域名
server_name aaa.ccc.cn;
#启用 SSL 功能
ssl on;
#证书文件名称
ssl_certificate /usr/local/ssl/Nginx/1_aaa.ccc.cn_bundle.crt;
#私钥文件名称
ssl_certificate_key /usr/local/ssl/Nginx/2_aaa.ccc.cn.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
#网站主页路径。此路径仅供参考,具体请您按照实际目录操作。
proxy_pass http://tomcat;
}
}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
最后
以上就是精明月饼为你收集整理的nginx配置https证书的全部内容,希望文章能够帮你解决nginx配置https证书所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复