How to set an administrative password for your own nginx service

Contents

1. Install the packages that Nginx depends on for compilation

2. Download and install Nginx

Generate certificate

Configure nginx https


1. Install the packages that Nginx depends on for compilation

  On a standard CentOS system, you can use yum to install the following dependencies:

yum install -y gcc gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel

  Dependency package description:

  1. Compilation depends on the gcc environment, so you need: gcc gcc-c++;

  2. PCRE (Perl Compatible Regular Expressions) is a library that implements Perl-compatible regular expressions. The http module of nginx uses pcre to parse regular expressions, so the pcre library needs to be installed on linux. pcre-devel provides the development files for building against pcre, so you need: pcre pcre-devel;

  3. The zlib library provides a variety of compression and decompression methods. nginx uses zlib to gzip the content of http responses, so the zlib library needs to be installed on CentOS, so you need: zlib zlib-devel;

  4. OpenSSL is a powerful Secure Sockets Layer cryptographic library that includes the major cryptographic algorithms, commonly used key and certificate management functions, and the SSL protocols, and provides a rich set of applications for testing and other purposes. Nginx supports not only the http protocol but also https (that is, http carried over the ssl protocol), so the OpenSSL library needs to be installed on CentOS, so you need: openssl openssl-devel;

  If a dependency package cannot be installed through yum, you can download its source archive, unpack it, and install it with make && make install.

When I used yum to install pcre, the installation was not successful, resulting in an error when making:

make: *** No rule to make target `build', needed by `default'. Stop.

If you can't install pcre using yum, you can go to the official website ( https://ftp.pcre.org/pub/pcre/ ), download the corresponding compressed package, and then decompress and install it:

tar zxvf pcre-8.43.tar.gz

cd pcre-8.43

./configure

make && make install

If the installation of OpenSSL using yum fails, you can go to ( /source/index.html ) to download the OpenSSL compressed package, then unpack and install it:

tar zxvf openssl-1.0.2t.tar.gz

cd openssl-1.0.2t

./config --prefix=/usr/local/ --openssldir=/usr/local/openssl -g3 shared zlib-dynamic enable-camellia

make && make install

Test if available:

[root@etcd01 sbin]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

If the installation of zlib using yum fails, you can go to the zlib Home Site to download the compressed package, then unpack and install it:

tar zxvf zlib-1.2.11.tar.gz

cd zlib-1.2.11

./configure

make && make install

2. Download and install Nginx

  • Go to the official website to download Nginx: wget https://nginx.org/download/nginx-1.16.1.tar.gz
  • Unpack and install:
tar zxvf nginx-1.16.1.tar.gz
cd nginx-1.16.1
./configure --prefix=/opt/nginx/server 
make && make install

  In this way, the sbin and conf directories of Nginx are generated in /opt/nginx/server. If you do not specify the prefix, they are generated in the /usr/local/nginx directory by default.

  • Test if the installation was successful:
[root@s1 sbin]# ./nginx -V
nginx version: nginx/1.16.1
built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/opt/nginx/server --with-http_stub_status_module --with-http_ssl_module

  Here --with-http_stub_status_module --with-http_ssl_module are the modules that need to be added at configure time for https, which is introduced later. If https is used without them, an error is reported:

nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /opt/nginx/server/conf/nginx.conf:37
  • Start Nginx:
cd /opt/nginx/server/sbin
./nginx

An error may be reported when starting nginx:

nginx:error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or directory  

On a 64-bit Red Hat machine, nginx may look for the pcre library at /lib64/libpcre.so.1, so a symbolic link needs to be created:

ln -s /usr/local/lib/libpcre.so.1 /lib64/ 
  • nginx service related commands:
./nginx -t                # verify that nginx.conf is correct
./nginx -s reload         # reload nginx.conf
./nginx -s stop           # stop the Nginx service
  • Verify that the service started successfully:

Ports can be viewed:

[root@s1 sbin]# netstat -ntlp | grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      349/nginx: master 

Also available via browser: http://ip

At this point the basic configuration of Nginx is complete, but if you want to use https you also need to configure a certificate and build Nginx with the https-related modules.

First, add https support to Nginx: the ssl-related modules need to be passed to ./configure during installation:

./configure --prefix=/opt/nginx/server --with-http_stub_status_module --with-http_ssl_module

Generate certificate:

1. First use openssl to execute the following command to generate a key:

openssl genrsa -des3 -out nginx.key 1024 # the password used here is 1024 (the trailing 1024 argument itself is the RSA key size in bits)

openssl then asks you to enter a password (pass phrase) for this key file.

nginx will use this key file from now on, and every time you reload the nginx configuration you need to enter this PEM pass phrase.

2. Then use openssl to generate a certificate request file based on this key file:

openssl req -new -key nginx.key -out nginx.csr

While the above command runs, you are prompted to fill in a number of fields one by one. You can enter whatever you like, since this is a certificate you generate yourself, but if a Java program will access the service, enter your own domain name when prompted for the user name or server name (the Common Name); otherwise it reports an error that no certificate matching the domain name can be found.

3. Finally, generate the crt certificate file based on these 2 files:

openssl x509 -req -days 3650 -in nginx.csr -signkey nginx.key -out nginx.crt

4. The final files used are the key and crt files. If you need to use pfx, you can generate it with the following command:

openssl pkcs12 -export -inkey nginx.key -in nginx.crt -out nginx.pfx

Configure nginx https:

Add the following to the nginx.conf configuration file:

server {
    listen       443 ssl;
    server_name  localhost;

    ssl_protocols SSLv2 SSLv3 TLSv1;
    #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

    ssl_certificate      /opt/nginx/ssl/nginx.crt;
    ssl_certificate_key  /opt/nginx/ssl/nginx.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers  on;
    location / {
        proxy_pass http://httpfs/;
    }
}

Complete nginx.conf configuration file:

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;



    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    upstream httpfs {
        server 127.0.0.1:14000;
    }

    server {
        listen       80;
        server_name  httpfs.test.com;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            proxy_pass http://httpfs/;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

    }


    # HTTPS server
    server {
        listen       443 ssl;
        server_name  httpfs.test.com;

        ssl_protocols SSLv2 SSLv3 TLSv1;

        ssl_certificate      ssl/nginx.crt;
        ssl_certificate_key  ssl/nginx.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        #ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        location / {
            proxy_pass http://httpfs/;
        }
    }
}

After restarting nginx, you can access the site over https.

[root@etcd01 sbin]# ./nginx -s reload
Enter PEM pass phrase:
[root@etcd01 sbin]# 

# At this point you are prompted for the password; the restart succeeds only after you enter it
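
A hardened variant of the HTTPS server block above, as an added example that is not part of the original post: it replaces the SSLv2/SSLv3/TLSv1 protocols and the ALL-based cipher list with TLS 1.2 and forward-secret AEAD suites, and uses nginx's ssl_password_file directive so that a reload does not stop at the pass-phrase prompt. The password file path /opt/nginx/ssl/nginx.pass is an assumption; the other names come from the page.

```nginx
# Added example: hardened HTTPS server block for the setup on this page.
server {
    listen       443 ssl;
    server_name  httpfs.test.com;

    # TLS 1.2 only. SSLv2, SSLv3 and TLSv1 from the original block are
    # deprecated protocols. TLSv1.3 can be added once nginx is built
    # against OpenSSL 1.1.1 or later.
    ssl_protocols  TLSv1.2;

    # ECDHE key exchange with AES-GCM only. The original string starts from
    # ALL, which still admits RC4, LOW and EXP suites (the "+" prefix only
    # moves suites to the end of the list, it does not remove them).
    ssl_ciphers  ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers  on;

    ssl_certificate      /opt/nginx/ssl/nginx.crt;
    ssl_certificate_key  /opt/nginx/ssl/nginx.key;

    # The private key stays encrypted on disk; nginx reads its pass phrase
    # from this file instead of prompting on every start or reload.
    # Assumed path. One pass phrase per line; keep it owned by root, mode 0600.
    ssl_password_file    /opt/nginx/ssl/nginx.pass;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    location / {
        proxy_pass http://httpfs/;
    }
}
```

Run ./nginx -t after the change to confirm the key can be decrypted with the stored pass phrase. The 1024-bit key from step 1 is below current minimum recommendations, so regenerate it with at least 2048 bits before using this block.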

Origin blog.csdn.net/weixin_42350212/article/details/123016604