昨天试着配置了一下Nginx的ssl证书,具体如下
http { server{ listen 443 ssl; server_name www.xxx.com; ssl_certificate /etc/certs/cert.pem; ssl_certificate_key /etc/certs/cert.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; location /wxpay/ { proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; proxy_pass http://127.0.0.1:8080/wxpay; } } server { listen 80; server_name www.xxx.com; rewrite ^/(.*)$ https://www.xxx.com:443/$1 permanent; } }
发现无法启动,报nginx:[emerg]unknown directive ssl错误。
出现这个问题是因为我编译的时候没有添加ssl模块,解决办法如下:
打开编译目录,假设是/usr/loacl/nginx1.16.0
cd /usr/loacl/nginx1.16.0
添加ssl模块
./configure --with-http_ssl_module
编译安装包
make
然后把编译好的文件替换之前的,在此之前你可以先备份一下原来的文件
cp objs/nginx /usr/local/nginx/sbin/nginx
最后,查看一下是否安装成功
./sbin/nginx -V
如果看到这样的结果就表示安装成功了
[root@launch-advisor-20180716 nginx]# ./sbin/nginx -V nginx version: nginx/1.16.0 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --with-http_ssl_module
TLS SNI support enabled说明SSL可用,再启动Nginx就正常了
参考:https://blog.csdn.net/weixin_38111957/article/details/81283121
