How to set the management password for your nginx service


1. Install the package on which Nginx compilation depends

 2. Download and install Nginx

Generate certificate:

Configure nginx https:

1. Install the package on which Nginx compilation depends

In centos, you can use yum to install the following dependent packages:

yum install -y gcc gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel

Dependent package description:

1. Compilation depends on GCC environment, so you need: gcc gcc-c + +;

2. PCRE(Perl Compatible Regular Expressions) is a perl library, including perl compatible regular expression library. The http module of nginx uses pcre to parse regular expressions, so you need to install pcre library on linux. pcre devel is a secondary development library developed using pcre, so you need: pcre PCRE devel;

3. Zlib library provides many ways of compression and decompression. nginx uses zlib to gzip the contents of http package, so zlib library needs to be installed on Centos, so: zlib zlib devel;

4. OpenSSL is a powerful secure socket layer cryptographic library, which includes the main cryptographic algorithms, common key and certificate encapsulation management functions and ssl protocol, and provides rich applications for testing or other purposes. nginx supports not only http protocol, but also https (i.e. transmitting http over ssl Protocol). Therefore, OpenSSL library needs to be installed in Centos, so: OpenSSL OpenSSL devel;

If you can't install a dependent package through yum, you can download it and install it by decompressing and making & & make install

When I installed pcre using yum, I failed to install it successfully, resulting in an error when making:

make: *** No rule to make target `build', needed by `default'. Stop.

If you can't install pcre using yum, you can go to the official website(

Download the corresponding compressed package and then decompress it for installation:

tar zxvf pcre-8.43.tar.gz

cd pcre-8.43


make && make install

If you fail to install OpenSSL using yum, you can go to( /source/index.html )Download the OpenSSL compressed package,

Decompression installation:

tar zxvf openssl-1.0.2t.tar.gz

cd openssl-1.0.2t

./config --prefix=/usr/local/ --openssldir=/usr/local/openssl -g3 shared zlib-dynamic enable-camellia

make && make install

Test availability:

[root@etcd01 sbin]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

If the installation of zlib fails, you can use yum zlib Home Site Download the compressed package, extract and install:

tar zxvf zlib-1.2.11.tar.gz

cd zlib-1.2.11


make && make install

 2. Download and install Nginx

  • Go to the official website to download Nginx: wget
  • Decompression installation:
tar zxvf nginx-1.16.1.tar.gz
cd nginx-1.16.1
./configure --prefix=/opt/nginx/server 
make && make install

In this way, the related directories of sbin and conf installed by Nginx will be deleted

-Generate in / opt/nginx/server. If you don't know the prefix, it will be generated in / usr/local/nginx directory by default

  • Test for successful installation:
[root@s1 sbin]# ./nginx -V
nginx version: nginx/1.16.1
built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/opt/nginx/server --with-http_stub_status_module --with-http_ssl_module

Here -- with http_ stub_ status_ module --with-http_ ssl_ Module is an SSL module that needs to be added when configuring https. It will be described later. If there are no these two modules, an error will be reported when using https:

nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /opt/nginx/server/conf/nginx.conf:37
  • Start Nginx:
cd /opt/nginx/server/sbin

An error may be reported when starting nginx:

nginx: error while loading shared libraries: cannot open shared object file: No such file or directory  

On redhat 64 bit machines, the pcre file that nginx may read is / lib64 / libpcre so. 1. Documents A soft connection needs to be established:

ln -s /usr/local/lib/ /lib64/ 
  • nginx service related commands:
./nginx -t                #Verify nginx Correctness of conf file
./nginx -s reload         #Reload nginx Conf file
./nginx -s stop           #Stop Nginx service
  • Verify that the service started successfully:

You can view ports:

[root@s1 sbin]# netstat -ntlp | grep nginx
tcp        0      0    *               LISTEN      349/nginx: master 

You can also use the browser: http://ip

So far, the normal configuration of Nginx has been completed, but if https is used, the certificate and modules related to https supported by Nginx need to be configured

First, Nginx adds modules that support https during installation/ configuration needs to add ssl related modules:

./configure --prefix=/opt/nginx/server --with-http_stub_status_module --with-http_ssl_module

Generate certificate:

1. First, use openssl to execute the following command to generate a key:

openssl genrsa -des3 -out nginx.key 1024 #The password used here is 1024

Then he will ask you to enter the password of the key file.

It will be used by nginx in the future. You are required to verify the PAM password every time reload nginx is configured.

2. Then use openssl to generate the certificate request file according to the key file:

openssl req -new -key nginx.key -out nginx.csr

When generating the above commands, you need to fill in a lot of things # read and write one by one (you can do whatever you want. After all, this is the certificate generated by yourself, but if you use the java program to access, you need to enter your own domain name when entering the user name or server name, otherwise you will report an error that you can't find the matching domain name certificate)

3. Finally, the crt certificate file is generated according to the two files:

openssl x509 -req -days 3650 -in nginx.csr -signkey nginx.key -out nginx.crt

4. The last files used are key and crt files. If you need to use pfx, you can generate it with the following command:

openssl pkcs12 -export -inkey nginx.key -in nginx.crt -out nginx.pfx

Configure nginx https:

Need to be in nginx Add to conf configuration file:

server {
            listen       443 ssl;
            server_name  localhost;

            ssl_protocols SSLv2 SSLv3 TLSv1;
            #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

            ssl_certificate      /opt/nginx/ssl/nginx.crt;
            ssl_certificate_key  /opt/nginx/ssl/nginx.key;
            ssl_session_cache    shared:SSL:1m;
            ssl_session_timeout  5m;
            ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
            ssl_prefer_server_ciphers  on;
            location / {
                proxy_pass http://httpfs/;

Complete nginx Conf configuration file:

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/;

events {
    worker_connections  1024;

http {
    include       mime.types;
    default_type  application/octet-stream;

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    upstream httpfs {

    server {
        listen       80;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
          proxy_pass http://httpfs/;

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;


    # HTTPS server
    server {
        listen       443 ssl;

        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_certificate      ssl/nginx.crt;
        ssl_certificate_key  ssl/nginx.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        #ssl_ciphers  HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers  on;
        location / {
            proxy_pass http://httpfs/;

After restarting nginx, you can use https to access it.

[root@etcd01 sbin]# ./nginx -s reload
Enter PEM pass phrase:
[root@etcd01 sbin]# 

#At this time, you will be prompted to enter a password. You can restart successfully only by entering a password

Keywords: Linux CentOS Nginx

Added by lexx on Mon, 21 Feb 2022 05:37:44 +0200