Enabling SSL in Nginx and tuning it: this article is all you need
1: Enable the Nginx SSL module
1.1 If the SSL module is not enabled in Nginx, configuring HTTPS produces this error:
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf:37
The reason is simple: nginx lacks the http_ssl_module module. Passing --with-http_ssl_module to configure when compiling and installing is enough, but in my case nginx has already been installed. Adding a module afterwards is actually simple; read on.
Note: my nginx installation directory is /usr/local/nginx, and my source package is in /usr/local/src/nginx-1.6.2
1.2 Enable the SSL module in Nginx
Switch to the source package directory:
cd /usr/local/src/nginx-1.11.3
View the modules nginx was originally built with:
/usr/local/nginx/sbin/nginx -V
The original configure parameters, shown after "configure arguments:", are as follows:
--prefix=/usr/local/nginx --with-http_stub_status_module
So our new configure command should be written like this:
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
Run the command above; once configuration is complete, run:
make
Do not run make install here, otherwise it will overwrite the existing installation.
Then back up the originally installed nginx:
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
Then copy the newly compiled nginx over the original one (nginx must be stopped at this point):
cp ./objs/nginx /usr/local/nginx/sbin/
Then start nginx; you can check whether the module was added successfully with the same command:
/usr/local/nginx/sbin/nginx -V
Configuring Nginx so that HTTP and HTTPS coexist
server {
    listen 80 default backlog=2048;
    listen 443 ssl;
    server_name wosign.com;
    root /var/www/html;
    ssl_certificate /usr/local/Tengine/sslcrt/wosign.com.crt;
    ssl_certificate_key /usr/local/Tengine/sslcrt/wosign.com.Key;
}
Remove the "ssl on;" line and write ssl after port 443 instead. This way, both http and https links work.
Restarting Nginx with an SSL certificate without entering a password
You can do this with the private key: generate a decrypted key file and use it to replace the original key file.
openssl rsa -in server.key -out server.key.unsecure
Nginx SSL performance tuning
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
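The ssl_protocols and ssl_ciphers values above predate current guidance: TLS 1.0 and 1.1 are deprecated by RFC 8996, RFC 7465 prohibits RC4 in TLS, and !AESGCM removes the AES-GCM suites. The shell script below is an added example, not part of the original article; it audits those two directives, and the function names and the hardened_conf values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_tls_conf: read nginx config on stdin, print one "<kind> <value>" per finding.
audit_tls_conf() {
    awk '
    { sub(/#.*/, ""); gsub(/[;"]/, "") }        # strip comments, ";" and quotes
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                print "deprecated-protocol", $i
    }
    $1 == "ssl_ciphers" {
        n = split($2, tok, ":")
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t ~ /^[!-]/) {                   # an exclusion: only flag lost AEAD suites
                if (t ~ /^[!-](AESGCM|CHACHA20)$/) print "aead-excluded", t
                continue
            }
            if (t ~ /(RC4|DES|MD5|NULL|EXP)/) print "weak-cipher", t
        }
    }'
}

# The tuning block exactly as the article gives it.
page_conf() {
    cat <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
EOF
}

# Constructed alternative (assumption): TLS 1.2 only, ECDHE key exchange with AEAD suites.
# TLSv1.3 can be added to ssl_protocols on nginx 1.13.0+ built against OpenSSL 1.1.1+.
hardened_conf() {
    cat <<'EOF'
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
EOF
}

echo "article config:";  page_conf | audit_tls_conf
echo "hardened config:"; hardened_conf | audit_tls_conf
```

To audit a live server, pipe its configuration into the function, for example: audit_tls_conf < /usr/local/nginx/conf/nginx.conf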