One: installation dependency
Ubuntu:
apt-get install openssl-devel
apt-get install libssl-dev
centos :
apt-get install openssl-devel
apt-get install openssl
Two: compile nginx
View nginx is installed http_ssl_module
modules
$ /nginx/nginx/sbin/nginx -V
If there configure arguments: --with-http_ssl_module
is already installed (step can be skipped below, enter nginx.conf
configuration)
Download the nginx installation package
# Download the installation package to the opt directory $ cd /opt $ wget http://nginx.org/download/nginx-1.14.1.tar.gz
Unzip the installation package
$ tar -zxvf nginx-1.14.1.tar.gz
Configure ssl module
$ cd nginx-1.14.1 $ ./configure --prefix=/opt/nginx --with-http_ssl_module
Use the make command to compile (using make install will reinstall nginx), and the objs folder will appear in the current directory. Overwrite the current nginx file with the new nginx file.
$ cp ./objs/nginx /opt/nginx/sbin/
Check the installed module again ( configure arguments: --with-http_ssl_module
indicating that the ssl module has been installed)
$ /usr/local/nginx/sbin/nginx -V nginx version: nginx/1.14.1 ... configure arguments: --with-http_ssl_module
Three: Generate a certificate
Enter the directory where you want to create a certificate and private key
cd /usr/local/nginx
Create the server private key, the command will let you enter a password (remember this password, you will need to enter the password every time you restart nginx in the future, it is recommended to enter the same password for the next, easy to remember)
openssl genrsa -des3 -out server.key 1024
Create a certificate for signing request (CSR)
openssl req -new -key server.key -out server.csr
Need to set relevant information
Finally, mark the certificate using the above private key and CSR
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Four: configure nginx
Open nginx.conf configuration
Add ssl configuration
server {
listen 443 ssl;
server_name work.com;
index index.html;
ssl on;
ssl_certificate /usr/local/nginx /server.crt;
ssl_certificate_key /usr/local/nginx /server.key;
ssl_session_timeout 5m;
location / {
root /usr/local/web/;
add_header 'Cache-Control' 'no-store';
}
}
Five: test