编译
准备依赖库
安装gcc g++ 的依赖库
apt-get install build-essential
apt-get install libtool
安装pcre依赖库
apt-get install libpcre3 libpcre3-dev
安装zlib依赖库
apt-get install zlib1g-dev
安装openssl
apt-get install openssl libssl-dev
编译nginx
./configure --with-debug --with-http_ssl_module
make -j 8
make install
编译完验证是否存在ssl模块
nginx version: nginx/1.18.0
built by gcc 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)
built with OpenSSL 1.1.1 11 Sep 2018
TLS SNI support enabled
configure arguments: --with-debug --with-http_ssl_module
可以看到
built with OpenSSL 1.1.1 11 Sep 2018,
TLS SNI support enabled
等字样,则说明nginx已经将ssl模块编译进去了。
生成ssl需要的私钥和证书
cd /usr/local/nginx/conf/ssl
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
server.key 为私钥
server.crt 为证书
nginx.conf配置文件
#user nobody;
worker_processes 4;
error_log logs/debug.log debug;
events {
worker_connections 1024;
}
http {
#include mime.types;
#default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
keepalive_timeout 60;
server {
client_max_body_size 4G;
listen 443 ssl;
server_name www.haha.com;
root /data;
# 证书文件
ssl_certificate ssl/server.crt;
# 私钥文件
ssl_certificate_key ssl/server.key;
location / {
autoindex on;
autoindex_exact_size on;
autoindex_localtime on;
}
}
}
浏览器访问测试
可以看到使用https可以访问。
