昨天试着配置了一下Nginx的ssl证书,具体如下
http {
server{
listen 443 ssl;
server_name www.xxx.com;
ssl_certificate /etc/certs/cert.pem;
ssl_certificate_key /etc/certs/cert.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location /wxpay/ {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://127.0.0.1:8080/wxpay;
}
}
server {
listen 80;
server_name www.xxx.com;
rewrite ^/(.*)$ https://www.xxx.com:443/$1 permanent;
}
}
发现无法启动,报nginx:[emerg]unknown directive ssl错误
。
出现这个问题是因为我编译的时候没有添加ssl模块,解决办法如下:
打开编译目录,假设是/usr/loacl/nginx1.16.0
cd /usr/loacl/nginx1.16.0
添加ssl模块
./configure --with-http_ssl_module
编译安装包
make
然后把编译好的文件替换之前的,在此之前你可以先备份一下原来的文件
cp objs/nginx /usr/local/nginx/sbin/nginx
最后,查看一下是否安装成功
./sbin/nginx -V
如果看到这样的结果就表示安装成功了
[root@launch-advisor-20180716 nginx]# ./sbin/nginx -V
nginx version: nginx/1.16.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --with-http_ssl_module
TLS SNI support enabled
说明SSL可用,再启动Nginx就正常了
参考:https://blog.csdn.net/weixin_38111957/article/details/81283121