环境
系统:CentOS 6.9
软件:nginx-1.12.2.tar.gz, openssl-1.1.0h.tar.gz
升级openssl
-
下载源码包
地址:https://www.openssl.org/source/openssl-1.1.0h.tar.gz
下载后先用官方公布的 SHA256 校验值或 PGP 签名核对源码包,确认无误后再编译安装。
-
编译安装
# tar -zxvf openssl-1.1.0h.tar.gz
# cd openssl-1.1.0h
# ./config
# make
# make install
-
把旧版本的openssl重命名
# mv /usr/bin/openssl /usr/bin/openssl.bak
# mv /usr/include/openssl /usr/include/openssl.bak
-
设置软连接指向刚编译好的新版本的openssl-1.1.0h
# ln -s /usr/local/bin/openssl /usr/bin/openssl
# ln -s /usr/local/include/openssl /usr/include/openssl
-
添加libssl.so.1.1的软链接
# ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
# ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
-
查看openssl版本
# openssl version
安装nginx
-
下载源码包
地址:http://nginx.org/
该地址为明文 HTTP,下载的源码包应先用 nginx 官方提供的 PGP 签名校验,再进行编译。
-
添加账户
# useradd nginx
-
安装依赖包
# yum -y install gcc automake pcre-devel zlib-devel openssl-devel
-
编译安装
# tar -zxvf nginx-1.12.2.tar.gz
# cd nginx-1.12.2
# ./configure \
    --prefix=/usr/local/nginx \
    --with-http_stub_status_module \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_gzip_static_module \
    --with-http_sub_module \
    --with-openssl=/App/src/openssl-1.1.0h
# make
# make install
-
配置环境变量
# vim /etc/profile
export PATH=/usr/local/nginx/sbin:$PATH
# source /etc/profile
nginx配置
-
编辑配置文件
# ln -s /usr/local/nginx/conf /etc/nginx
# vim /etc/nginx/nginx.conf
user nginx;
-
创建文件夹
# mkdir /var/log/nginx
# chown -R nginx:nginx /var/log/nginx
nginx开机启动
- 编写开机启动脚本/etc/init.d/nginxd
#!/bin/bash
# nginx Startup script for the Nginx HTTP Server
# it is v.0.0.2 version.
# chkconfig: - 85 15
# description: Nginx is a high-performance web and proxy server.
# It has a lot of features, but it's not for everyone.
# processname: nginx
# pidfile: /var/run/nginx.pid
# config: /usr/local/nginx/conf/nginx.conf
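# Paths and state shared by the functions below.
# NOTE(review): nginx only writes /var/run/nginx.pid if nginx.conf carries a
# matching `pid` directive; a build configured with --prefix=/usr/local/nginx
# otherwise keeps its pid file under that prefix. Confirm the two agree,
# or the pid-file check in start() never sees a running instance.
nginxd=/usr/local/nginx/sbin/nginx
nginx_config=/etc/nginx/nginx.conf
nginx_pid=/var/run/nginx.pid
RETVAL=0
prog="nginx"

# Source function library (provides daemon, killproc and status).
. /etc/rc.d/init.d/functions

# Source networking configuration (expected to define NETWORKING).
. /etc/sysconfig/network

# Check that networking is up. The expansion is quoted and defaulted so that
# an unset or empty NETWORKING is compared as a string instead of turning the
# test into a syntax error.
[ "${NETWORKING:-}" = "no" ] && exit 0

# Nothing to manage if the nginx binary is missing or not executable.
[ -x "$nginxd" ] || exit 0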
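#######################################
# Start the nginx daemon.
# Globals:   nginx_pid, nginxd, nginx_config, prog (read); RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   exit status of `daemon`; exits the script with 1 when the pid
#            file names a process that is still alive
#######################################
start() {
  local pid=""

  if [ -e "$nginx_pid" ]; then
    # A pid file left behind by a crash or SIGKILL must not block startup:
    # refuse only when the recorded pid is purely numeric and still alive.
    read -r pid 2>/dev/null < "$nginx_pid"
    case "$pid" in
      '' | *[!0-9]*) pid="" ;;
    esac
    if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
      echo "nginx already running...."
      exit 1
    fi
    # Stale or unparsable pid file: discard it and carry on.
    rm -f -- "$nginx_pid"
  fi

  echo -n $"Starting $prog: "
  daemon "$nginxd" -c "${nginx_config}"
  RETVAL=$?
  echo
  # The subsys lock marks the service as started for the rc scripts.
  [ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/nginx
  return $RETVAL
}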
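#######################################
# Stop the nginx daemon.
# Globals:   nginxd, nginx_pid, prog (read); RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   exit status of `killproc`
#######################################
stop() {
  echo -n $"Stopping $prog: "
  killproc "$nginxd"
  RETVAL=$?
  echo
  # Clean up the lock and pid file only after a successful stop. The pid
  # file path comes from the shared variable so it cannot drift from the
  # one start() checks.
  [ "$RETVAL" -eq 0 ] && rm -f -- /var/lock/subsys/nginx "$nginx_pid"
  return $RETVAL
}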
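#######################################
# Ask the running nginx to re-read its configuration.
# Globals:   nginxd, prog (read); RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   exit status of `killproc`
#######################################
reload() {
  echo -n $"Reloading $prog: "
  # The signal goes through killproc rather than `kill -HUP` on the pid
  # file's contents, so the target is not read directly from that file here.
  killproc "$nginxd" -HUP
  RETVAL=$?
  echo
  return $RETVAL
}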
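# Dispatch on the action given as the first argument. Each handler records
# its result in RETVAL, which becomes the script's exit status.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  reload)
    reload
    ;;
  restart)
    stop
    start
    ;;
  status)
    status "$prog"
    RETVAL=$?
    ;;
  *)
    # Usage lists only the actions handled above; "help" was advertised
    # without a matching arm.
    echo $"Usage: $prog {start|stop|restart|reload|status}"
    exit 1
    ;;
esac

exit "$RETVAL"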
-
配置开机启动
# chmod +x /etc/init.d/nginxd
# chkconfig --add nginxd
# chkconfig nginxd on
# /etc/init.d/nginxd start
nginx配置http2.0
-
配置/etc/nginx/nginx.conf,在http块中添加
http { ...... include /etc/nginx/conf.d/*.conf; }
-
编写/etc/nginx/conf.d/your.demo.com.conf
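# Plain-HTTP listener: its only job is to redirect every request to HTTPS.
server {
    listen 80;
    server_name your.demo.com;

    # No root/index here. The unconditional return below answers every
    # request, so a document root is never consulted; dropping the unused
    # "root /root;" keeps root's home directory (where the TLS key below is
    # stored) from ever becoming a web root if the redirect is later removed.

    # NOTE(review): $host follows the Host header sent by the client. If only
    # the canonical name should appear in the redirect, use $server_name.
    return 301 https://$host$request_uri;
}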
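# HTTPS listener with HTTP/2 enabled.
server {
    listen 443 ssl http2;
    server_name your.demo.com;

    # Certificate and private key. Keep the key file readable by root only;
    # the master process reads it before the workers drop to "user nginx".
    ssl_certificate /root/your.cert;
    ssl_certificate_key /root/your.key;

    ssl_session_timeout 10m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996), and HTTP/2 itself requires
    # TLS 1.2 or later, so only TLS 1.2 is offered.
    ssl_protocols TLSv1.2;

    # Excludes anonymous, NULL, export, RC4, MD5 and non-EC DH suites.
    ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
    ssl_prefer_server_ciphers on;
}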
- 检测配置并重启nginx
# nginx -t
# /etc/init.d/nginxd restart
- 注:
升级到http2.0需要使用https,涉及到添加证书,如果没有官方证书需自行创建CA