一、引言
之前项目没有要求用https,所以当初就没有安装ssl模块,结果新项目和老项目部署在一起,要求上https,只能加装ssl,愁人啊!
补装SSL模块
- 先到nginx源码目录表
- 安装必要模块openssl
yum -y install openssl openssl-devel
- 重新添加ssl模块
./configure --prefix=/data/nginx --pid-path=/data/nginx/nginx.pid --lock-path=/data/nginx/lock/nginx.lock --error-log-path=/data/nginx/log/error.log --http-log-path=/data/nginx/log/access.log --with-http_gzip_static_module --http-client-body-temp-path=/data/nginx/tmp/client --http-proxy-temp-path=/data/nginx/tmp/proxy --http-fastcgi-temp-path=/data/nginx/tmp/fastcgi --http-uwsgi-temp-path=/data/nginx/tmp/uwsgi --http-scgi-temp-path=/data/nginx/tmp/scgi
--with-http_ssl_module
- 重新编译nginx源码
make
先不要着急安装,先备份原nginx二进制包
- 停止nginx,编译安装
make install
- 启动nginx
./nginx start
- 查看是否有安装ssl模块成功
./nginx -V
结果
[root@xxx sbin]# ./nginx -V
nginx version: nginx/1.19.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/data/nginx --pid-path=/data/nginx/nginx.pid --lock-path=/data/nginx/nginx.lock --error-log-path=/data/nginx/log/error.log --http-log-path=/data/nginx/log/access.log --with-http_gzip_static_module --http-client-body-temp-path=/data/nginx/client --http-proxy-temp-path=/data/nginx/proxy --http-fastcgi-temp-path=/data/nginx/fastcgi --http-uwsgi-temp-path=/data/nginx/uwsgi --http-scgi-temp-path=/data/nginx/scgi --with-http_stub_status_module --with-http_ssl_module --with-http_stub_status_module --with-stream
nginx配置
server {
listen 443 ssl;
server_name you.cn;
ssl_certificate /etc/letsencrypt/live/you.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/you.cn/privkey.pem;
...
}