nginx 動態添加ssl模塊

一.查看nginx模塊

/usr/local/nginx/sbin/nginx -V

 

二.安裝openssl包

yum -y install pcre  pcre-devel zlib  zlib-devel openssl openssl-devel

三.從新編譯nginx源碼包，而且生成了新的obj目錄

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-file-aio --with-http_realip_module

make ###到此結束， 千萬不要make install ，不然會覆蓋之前nginx的目錄

 

 

四.備份nginx啓動程序而且複製新生成obj目錄的nginx啓動文件

 1.首先備份之前的啓動程序

cp /usr/local/nginx/sbin/nginx nginx.bak

 2.複製obj新生成的啓動程序,覆蓋到之前的nginx

 cp /usr/local/nginx-1.7.9/objs/nginx  /usr/local/nginx/sbin/nginx 

 3.檢測nginx是否有問題，並切堅持模塊是否添加成功

 

五.添加虛擬主機而且添加ssl域名證書。

 1 server {
 2     listen 80; 
 3     server_name XX;
 4     access_log /usr/local/nginx/logs/jXX_access.log;
 5     error_log  /usr/local/nginx/logs/XX_error.log;
 6     location / { 
 7     proxy_set_header X-Real-IP $remote_addr;
 8         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 9         proxy_set_header Host $http_host;
10         proxy_set_header X-NginX-Proxy true;
11         proxy_pass http://XX/;
12         proxy_redirect off;
13     }   
14  #   error_page 500 502 503 504 /50x.html;
15     #location = /50x.html {
16      #   root $root_path;
17    # }   
18 }
19 server {
20     listen 443;
21     server_name XXX;
22     ssl on;
23     ssl_certificate    /usr/local/nginx/conf/cert/214.pem;
24     ssl_certificate_key   /usr/local/nginx/conf/cert/21.key;
25     ssl_session_timeout 5m;
26     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
27     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
28     ssl_prefer_server_ciphers on;    
29     
30     location / { 
31         proxy_set_header X-Real-IP $remote_addr;
32         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
33         proxy_set_header Host $http_host;
34         proxy_set_header X-NginX-Proxy true;
35         proxy_pass http://XXX/;
36         proxy_redirect off;
37     }   
38 
39     
40 }

六.域名訪問