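Compiling and Installing Nginx, and Generating and Configuring a Self-Signed SSL Certificate

Environment

  • Linux environment: CentOS 7.6

Compiling and installing Nginx

Downloading the dependencies

  • Install the gcc toolchain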
yum install -y gcc-c++
  • Download and extract openssl
cd /home/
wget https://www.openssl.org/source/openssl-1.1.1n.tar.gz
tar -zxvf openssl-1.1.1n.tar.gz
  • Download and extract pcre
cd /home/
wget https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.39/pcre2-10.39.tar.gz
tar -zxvf pcre2-10.39.tar.gz
  • Download and extract zlib
cd /home/
wget https://github.com/madler/zlib/archive/refs/tags/v1.2.11.tar.gz
tar -zxvf v1.2.11.tar.gz
  • Download and extract the nginx headers-more-nginx-module
cd /home/
wget https://github.com/openresty/headers-more-nginx-module/archive/refs/tags/v0.33.tar.gz
tar -zxvf v0.33.tar.gz
  • Install the GeoIP library
yum install -y GeoIP-devel.x86_64

Building and installing Nginx

cd /home/
wget https://nginx.org/download/nginx-1.21.6.tar.gz
tar -zxvf nginx-1.21.6.tar.gz && cd nginx-1.21.6 && ./configure \
    --prefix=/home/nginx \
    --with-pcre=/home/pcre2-10.39 \
    --with-zlib=/home/zlib-1.2.11 \
    --with-openssl=/home/openssl-1.1.1n \
    --add-module=/home/headers-more-nginx-module-0.33 \
    --with-stream \
    --with-stream_ssl_module \
    --with-http_gzip_static_module \
    --with-http_stub_status_module \
    --with-http_ssl_module \
    --with-http_mp4_module \
    --with-http_flv_module \
    --with-http_v2_module \
    --with-file-aio \
    --with-http_geoip_module \
    && make && make install

Generating a private key and self-signed certificate with openssl

[root@bkht45 ~]# mkdir /home/nginx-certs
[root@bkht45 ~]# cd /home/nginx-certs/
[root@bkht45 nginx-certs]# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /home/nginx-certs/www.demo.com.key -out /home/nginx-certs/www.demo.com.crt
Generating a RSA private key
.................+++++
..........+++++
writing new private key to '/home/nginx-certs/www.demo.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:SiChuan
Locality Name (eg, city) []:ChengDu
Organization Name (eg, company) [Internet Widgits Pty Ltd]:demo
Organizational Unit Name (eg, section) []:demo
Common Name (e.g. server FQDN or YOUR name) []:www.demo.com
Email Address []:123456@qq.com
[root@bkht45 nginx-certs]# ll
total 8
-rw-r--r-- 1 root root 1399 Mar 21 09:33 www.demo.com.crt
-rw-r--r-- 1 root root 1708 Mar 21 09:33 www.demo.com.key
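
The session above sets only the Common Name and leaves the key file at mode 644, as the listing shows. The following added example, which is not part of the original post, generates the same pair non-interactively with a subjectAltName (the field current browsers and TLS clients use for host name matching) and an owner-only key, then checks that key and certificate belong together. The function names are hypothetical, the subject values repeat the answers typed above, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example; function names and paths are illustrative, not from the page.
# Needs OpenSSL 1.1.1 or later for -addext.

# gen_selfsigned DIR HOST: write HOST.key (mode 600) and HOST.crt into DIR.
gen_selfsigned() {
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    (
        umask 077   # key file is owner-only from the moment it is created
        openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
            -subj "/C=CN/ST=SiChuan/L=ChengDu/O=demo/OU=demo/CN=$host" \
            -addext "subjectAltName=DNS:$host" \
            -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$dir/$host.crt"   # the certificate itself is public
}

# key_matches_cert KEY CRT: succeed only if CRT carries KEY's public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_has_san CRT HOST: succeed if CRT lists HOST as a DNS subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -Eq "DNS:$2(,|[[:space:]]|\$)"
}

# key_is_private KEY: succeed if KEY's permission bits are exactly 600.
key_is_private() {
    [ -n "$(find "$1" -perm 600 2>/dev/null)" ]
}

# check_pair DIR HOST: run all three checks, printing one line per failure.
check_pair() {
    rc=0
    key_matches_cert "$1/$2.key" "$1/$2.crt" || { echo "key/cert mismatch"; rc=1; }
    cert_has_san "$1/$2.crt" "$2" || { echo "no SAN for $2"; rc=1; }
    key_is_private "$1/$2.key" || { echo "key readable by others"; rc=1; }
    return $rc
}

# Usage: gen_selfsigned /home/nginx-certs www.demo.com && \
#        check_pair /home/nginx-certs www.demo.com
```

Running `check_pair` against the files from the interactive session would report the key as readable by others and the SAN as missing.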

Configuring and starting nginx

  • Edit the nginx.conf configuration
cd /home/nginx/conf
vim nginx.conf
  • Add a server block such as the following
server {
    listen 443 ssl;
    server_name localhost;

    ssl_certificate /home/nginx-certs/www.demo.com.crt;
    ssl_certificate_key /home/nginx-certs/www.demo.com.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root html;
        index index.html index.htm;
    }
}
  • Start nginx
/home/nginx/sbin/nginx -c /home/nginx/conf/nginx.conf
  • Access nginx to verify the result