nginx 动态添加ssl模块

一.查看nginx模块

/usr/local/nginx/sbin/nginx -V

 

二.安装openssl包

yum -y install pcre  pcre-devel zlib  zlib-devel openssl openssl-devel

三.重新编译nginx源码包，并且生成了新的obj目录

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-file-aio --with-http_realip_module

make ###到此结束， 千万不要make install ，否则会覆盖以前nginx的目录

 

 

四.备份nginx启动程序并且复制新生成obj目录的nginx启动文件

 1.首先备份以前的启动程序

cp /usr/local/nginx/sbin/nginx nginx.bak

 2.复制obj新生成的启动程序,覆盖到以前的nginx

 cp /usr/local/nginx-1.7.9/objs/nginx  /usr/local/nginx/sbin/nginx 

 3.检测nginx是否有问题，并切坚持模块是否添加成功

 

五.添加虚拟主机并且添加ssl域名证书。

1 server {
2 listen 80;
3 server_name XX;
4 access_log /usr/local/nginx/logs/jXX_access.log;
5 error_log /usr/local/nginx/logs/XX_error.log;
6 location / {
7 proxy_set_header X-Real-IP $remote_addr;
8 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
9 proxy_set_header Host $http_host;
10 proxy_set_header X-NginX-Proxy true;
11 proxy_pass http://XX/;
12 proxy_redirect off;
13 }
14 # error_page 500 502 503 504 /50x.html;
15 #location = /50x.html {
16 # root $root_path;
17 # }
18 }
19 server {
20 listen 443;
21 server_name XXX;
22 ssl on;
23 ssl_certificate /usr/local/nginx/conf/cert/214.pem;
24 ssl_certificate_key /usr/local/nginx/conf/cert/21.key;
25 ssl_session_timeout 5m;
26 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
27 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
28 ssl_prefer_server_ciphers on;
29
30 location / {
31 proxy_set_header X-Real-IP $remote_addr;
32 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
33 proxy_set_header Host $http_host;
34 proxy_set_header X-NginX-Proxy true;
35 proxy_pass http://XXX/;
36 proxy_redirect off;
37 }
38
39
40 }

 

六.域名访问