Ngninx installed directly using yum does not support ssl by default, so you need to compile and install from code
1. Check the version to be installed
http://nginx.org/en/download.html
Here we still choose the stable version 1.16.1
Second, install dependencies first
yum install gcc gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel -y
Third, download the source code
Switch to the / usr / local / src directory, download the source code and unzip
cd /usr/local/src
wget http://nginx.org/download/nginx-1.16.1.tar.gz
tar -zxvf nginx-1.16.1.tar.gz
Fourth, compile the source code
cd /usr/local/src/nginx-1.16.1
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
Screenshot after successful compilation
Compile the error solution, skip directly without error
-
. Error: ./ configure: error: the HTTP
rewrite module requires the PCRE library cause of the problem: the need to compile and install nginx pcre package, not installed, then it will error
Solution:
yum -y install zlib zlib-devel OpenSSL OpenSSL - devel pcre pcre -devel -
Error: File "/ usr / bin / yum", line 30 except KeyboardInterrupt, e:
cause of the problem: yum uses python as the command interpreter, the original python interpreter of the system is python2.7, and the default interpreter of the system is python3 .7
Solution:
vim / usr / bin / yum
modify the first behavior: #! / Usr / bin / python2.7
vi / usr / libexec / urlgrabber-ext-down
modify the first behavior: #! / Usr / bin / python2.7 -
Error: File "/ bin / yum-config-manager", line 135 except yum.Errors.RepoError, e:
cause of the problem: yum uses python as the command interpreter, the original python interpreter of the system is python2.7, the system The default interpreter is python3.7
solution:
vim / bin / yum-config-manager
modify the first line: #! / Usr / bin / python2.7 -
Error: ./configure: error: SSL modules require the OpenSSL library.
Cause: Missing SSL library
Solution: yum -y install openssl openssl-devel
Five, install nginx
Use instructions if nginx is already installed
make
If not installed or uninstalled
make && make install
Six, view the nginx version information
View the compiled nginx version
/usr/local/src/nginx-1.16.1/objs/nginx -V
View the nginx version after installation
/usr/local/nginx/sbin/nginx -V
Seven, update nginx, this step is used to install nginx to update the bin file, ignore it if it is installed
cp objs/nginx /usr/local/nginx/sbin/
Copy the bin file and check the next version
/usr/local/nginx/sbin/nginx -V
Eight, configure the boot to start automatically
vim /lib/systemd/system/nginx.service
Copy and save the following content (after pressing ESC: wq save and exit)
[Unit]
Description=nginx service
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Set boot from boot
systemctl enable nginx
Start, check status, restart nginx, set of 3 instructions
systemctl start nginx
systemctl status nginx
systemctl restart nginx
You can reboot the machine and check the nginx status
Nine, configure the nginx environment variable
Generally, after modifying the configuration, restart with nginx -s reload
nginx -s reload
The following prompt appears is that no environment variables are configured
Open / etc / profile
vim /etc/profile
Add the following 2 lines of configuration to the last line (ESC: wq save and exit)
PATH=$PATH:/usr/local/nginx/sbin
export PATH
After the configuration takes effect, you can use nginx -s reload
source /etc/profile
Ten, Alibaba Cloud certificate configuration
Put the certificate applied by Alibaba Cloud into the directory / usr / local / nginx / conf / cert (the file can also be specified by yourself) to
configure domain name resolution
vi /usr/local/nginx/conf/nginx.conf
Increase the configuration and change the following www.yuming.com to your own domain name
server {
listen 80;
server_name www.yuming.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl; // nginx1.15之后用这个语法
server_name wwww.yuming.com;
ssl_certificate cert/www.yuming.com.pem;
ssl_certificate_key cert/www.yuming.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8001;
proxy_redirect off;
}
}