依赖模块
--with-http_ssl_module
查看ngixn现有模块
/usr/local/nginx/sbin/nginx -V
如果缺少,需要对nginx进行重新配置和编译。
- 切换到源包
cd /usr/local/nginx-1.9.9 - 重新配置
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module - 重新编译,不需要
make install安装。否则会覆盖
make - 备份原有nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak - 把源包
objs下生成的新nginx覆盖掉原来的nginx。会提示是否覆盖,请输入yes,直接回车默认不覆盖。
cp ./objs/nginx /usr/local/nginx/sbin/ - 启动nginx,查看nginx模块,发现已经添加
/usr/local/nginx/sbin/nginx -V
ssl 具体配置实例
server {
listen 80;
server_name xxx.com;
rewrite ^(.*)$ https://$host$1 permanent; // http 强转 https
}
server {
listen 443 ssl;
server_name xxx.com;
ssl_certificate ssl/cert-1.crt;
ssl_certificate_key ssl/cert-1.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Forwarded $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
root /home/xxx/WebContent;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /home/xxx/WebContent;
}
}
网友评论