nginx下添加http_ssl_module并且配置域名,指定端口
1.切换到源码包:
cd /home/nginx-1.23.1
2.进行编译:
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
3.配置完成后,运行命令:
make
make命令执行后,不要进行make install,否则会覆盖安装。
4.备份原有已安装好的nginx:
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
5.停止nginx状态:
/usr/local/nginx/sbin/nginx -s stop
6.将编译好的nginx覆盖掉原有的nginx:
cd /home/nginx-1.23.1/
cp ./objs/nginx /usr/local/nginx/sbin/
7.提示是否覆盖,输入yes即可。
8.然后启动nginx:
/usr/local/nginx/sbin/nginx
9.进入nginx/sbin目录下,通过命令查看模块是否已经加入成功:
cd /usr/local/nginx/sbin/
./nginx -V
10.有以下提示,证明已经编译成功:
nginx version: nginx/1.23.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
nginx配置域名
server {listen 443 ssl;server_name xxx.cn;ssl_certificate cert/xxx.pem;ssl_certificate_key cert/xxx.key;ssl_session_timeout 5m;ssl_protocols TLSv1.2 TLSv1.3;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_prefer_server_ciphers on;add_header Content-Security-Policy upgrade-insecure-requests;client_max_body_size 200M;server_tokens off;autoindex on;charset uft8;error_page 500 502 503 504 /50x.html;location / {root /mnt/dist;index index.html index.htm;error_page 405 =200 $request_uri;try_files $uri $uri/ /index.html;}location /api{proxy_pass http://127.0.0.1:8080;proxy_read_timeout 360;proxy_set_header X-Forwarded-Proto $scheme;proxy_set_header Host $http_host;proxy_set_header X-Real-IP $remote_addr;client_max_body_size 500m;}location = /50x.html {root /usr/share/nginx/html;}}
附带linux下防火墙和开放端口
#查看防火墙是否开启(如果显示running,则防火墙为开启状态):
firewall-cmd --state#关闭防火墙:
systemctl stop firewalld.service#开启防火墙
systemctl start firewalld.service
1、开启防火墙 systemctl start firewalld2、开放指定端口firewall-cmd --zone=public --add-port=443/tcp --permanent命令含义:--zone #作用域--add-port=1935/tcp #添加端口,格式为:端口/通讯协议--permanent #永久生效,没有此参数重启后失效
3、重启防火墙firewall-cmd --reload
# 查询端口是否开放
firewall-cmd --query-port=8080/tcp
lsof -i:8080(如果没有lsof,可以使用 yum install lsof 下载)# 开放80端口
firewall-cmd --permanent --add-port=80/tcp# 移除端口
firewall-cmd --permanent --remove-port=8080/tcp#重启防火墙(修改配置后要重启防火墙)
firewall-cmd --reload