nginx添加模块与https支持
实例1:为已安装nginx动态添加模块以安装rtmp媒流模块为例:
1)下载第三方模块到
# git clone https://github.com/arut/nginx-rtmp-module.git
2)查看nginx编译安装时安装的模块
1
2
3
4
5
6
# nginx -V
nginx version: nginx/1.8.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-http_ssl_module
3)cd到源码目录添加模块重新配置编译
1
2
# cd /root/tools/nginx-1.8.1
# ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-http_ssl_module --add-module=/root/tools/nginx-1.8.1/nginx-rtmp-module
1
# make
#此处只进行编译不进行安装,如安装的话会覆盖源文件。
4)在编译完成后,会在当前目录下生成一个objs文件夹,将nginx二进制文件拷贝到源安装目录下,注意备份源文件,然后查看编译后的模块。
1
2
3
4
5
6
7
8
9
# mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.20170825
# cp objs/nginx /usr/local/nginx/sbin/nginx
# nginx -V
nginx version: nginx/1.8.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-http_ssl_module --add-module=/root/tools/nginx-1.8.1/nginx-rtmp-module
# nginx -s reload
实例2:nginx使用ssl模块配置https支持
1、生成证书(注意此证书为自己颁发的在公网上不受信任)
1)生成一个rsa密钥:
1
2
3
4
5
6
7
# openssl genrsa -des3 -out test.key 1024
Generating RSA private key, 1024 bit long modulus
..............................++++++
...........................++++++
e is 65537 (0x10001)
Enter pass phrase for test.key: #输入密码,需要复杂性要求
Verifying - Enter pass phrase for test.key:#重复密码
2)拷贝刚才的密码文件,生成一个不需要密码的密钥文件:
1
2
3
# openssl rsa -in test.key -out test_nopass.key
Enter pass phrase for test.key:#输入以上创建时输入的密码
writing RSA key
3)生成一个证书请求文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# openssl req -new -key test.key -out test.csr
Enter pass phrase for test.key:#输入以上创建时输入的密码
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) :cn#国家
State or Province Name (full name) []:shanghai#省份
Locality Name (eg, city) :shanghai #城市
Organization Name (eg, company) :shanghai information company Ltd #具体名称
Organizational Unit Name (eg, section) []:test#单位名称
Common Name (eg, your name or your server''s hostname) []:*.test.cn #服务器域名
Email Address []:admin@test.cn#邮箱
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: #密码为空,直接回车
An optional company name []: #密码为空,直接回车
4)自己签发证书
1
2
3
4
5
# openssl x509 -req -days 365 -in test.csr -signkey test.key -out test.crt
Signature ok
subject=/C=cn/ST=shanghai/L=shanghai/O=shanghai information company Ltd/OU=test/CN=*.test.cn/emailAddress=admin@test.cn
Getting Private key
Enter pass phrase for test.key:#输入test.key设置的密码
2、配置nginx.conf文件
1
2
3
4
5
6
7
8
9
# vim /usr/local/nginx/conf/nginx.conf
添加如下:
server {
listen 80;
server_namelocalhost;
listen 443; #监听端口
ssl on; #开启ssl
ssl_certificate /usr/local/nginx/conf/test.crt; #指定证书位置
ssl_certificate_key/usr/local/nginx/conf/test_nopass.key;#指定密钥文件,如此处使用test.key则每次启动nginx服务器需要舒服key密码。
1
# nginx -s reload#重加载配置
页:
[1]