源码安装nginx开启SSL功能

编译安装nginx的环境

yum -y install gcc zlib zlib-devel pcre-devel openssl openssl-devel

下载nginx安装包

cd /usr/local/src
wget http://nginx.org/download/nginx-1.18.0.tar.gz
tar zxvf nginx-1.18.0.tar.gz

编译安装nginx

cd nginx-1.18.0
# 配置
./configure --prefix=/usr/local/nginx --with-http_ssl_module
# 编译,安装
make && make install
# 查询是否安装成功
/usr/local/nginx/sbin/nginx -V

# 出现这个安装成功出现
nginx version: nginx/1.18.0
built by gcc 9.3.1 20200408 (Red Hat 9.3.1-2) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module

配置nginx.conf

# http自动跳转到https
server {
 listen 80;
 server_name localhost;   #将localhost修改为您证书绑定的域名，例如：www.example.com。
rewrite ^(.*)$ https://$host$1 permanent;   #将所有http请求通过rewrite重定向到https。
 location / {
    index index.html index.htm;
    }
}

# ssl配置
server {
    listen 443 ssl;
    server_name localhost;
    root html;
    index index.html index.htm;
    ssl_certificate cert/domain name.pem;   #将domain name.pem替换成您证书的文件名。
    ssl_certificate_key cert/domain name.key;   #将domain name.key替换成您证书的密钥文件名。
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
    	index index.html index.htm;
    }
}

Test

# http自动跳转到https
server {
 listen 80;
 server_name localhost;   #将localhost修改为您证书绑定的域名，例如：www.example.com。
rewrite ^(.*)$ https://$host$1 permanent;   #将所有http请求通过rewrite重定向到https。
 location / {
    index index.html index.htm;
    }
}

# ssl配置
server {
    listen 443 ssl;
    server_name localhost;
    root html;
    index index.html index.htm;
    ssl_certificate /usr/local/nginx/cert/4329893_qra.psmtech.com.cn.pem;   #将domain name.pem替换成您证书的文件名。
    ssl_certificate_key /usr/local/nginx/cert/4329893_qra.psmtech.com.cn.key;   #将domain name.key替换成您证书的密钥文件名。
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
    	index index.html index.htm;
    }
}