概述有朋友生产环境需要配置https,但是又没买证书,所以今天主要分享下如何编译安装nginx和怎么去配置https证书(自定义证书)。基础环境操作系统:centos6.8依赖包安装顺序依次为:openssl、zlib、pcre, 然后安装Nginx包(先安装gcc编译)安装包目录:/opt/nginx/nginx-1.11.5.tar.gz
/opt/openssl/ openssl-1.1.0c.tar.gz
/opt/zlib/ zlib-1.2.8.tar.gz
/opt/pcre/pcre2-10.22.zip
1、检测是否有已安装rpm包rpm -qa |grep pcre
rpm –qa | grep zlib
rpm –qa | grep openssl
2、安装openssl # tar -xvf openssl-1.1.0c.tar.gz
# cd openssl-1.1.0c
# ./config –prefix=/usr/local/openssl
# make && make install
3、安装pcre:# unzip pcre2-10.22.zip
# cd pcre2-10.22
# ./configure –prefix=/usr/local/pcre –enable-utf8
# make && make install
4、安装zlib:# tar -xvf zlib-1.2.8.tar.gz
# cd zlib-1.2.8
# ./configure –prefix=/usr/local/zlib
# make && make install
5、安装nginx:# tar -xvf nginx-1.11.5.tar.gz
# cd /opt/nginx-1.11.5
# ./configure –prefix=/usr/local/nginx –with-http_gzip_static_module –with-http_stub_status_module –with-http_ssl_module –with-pcre=/opt/pcre/pcre2-10.22 –with-openssl=/opt/openssl/openssl-1.1.0c
(–with-pcre和 –with-openssl都是指定的解压目录路径,不是编译安装的路径)#make && make install6、动态库链接#cd /etc/ld.so.conf.d/#vi nginx.conf/usr/local/nginx
#ldconfig7、重启nginx命令:cd /usr/local/nginx/sbin./nginx -c /usr/local/nginx/conf/nginx.conf8、配置证书nginx的安装目录:/usr/local/nginx8.1、配置证书(在nginx编译安装目录下)openssl genrsa -des3 -out server.key 1024 (设置密码为gzcss123)
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key (密码gzcss123)
rm server.key.org
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
8.2、配置文件修改server段:server {
listen 443 ssl;
server_name apprtc.com;
ssi on;
ssi_silent_errors on;
ssl on;
ssl_certificate /usr/local/nginx/server.crt;
ssl_certificate_key /usr/local/nginx/server.key;
location / {
proxy_pass xx.xx.xx.xx;
proxy_redirect default;
}
}
访问https://服务器IP关于nginx方面安装部署和配置https的内容就介绍到这了,大家有空也可以测试下做个实验。后面会分享更多关于devops和DBA方面的内容,感兴趣的朋友可以关注下!!