catalogue
1. Install the package on which Nginx compilation depends
1. Install the package on which Nginx compilation depends
In centos, you can use yum to install the following dependent packages:
yum install -y gcc gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel
Dependent package description:
1. Compilation depends on GCC environment, so you need: gcc gcc-c + +;
2. PCRE(Perl Compatible Regular Expressions) is a perl library, including perl compatible regular expression library. The http module of nginx uses pcre to parse regular expressions, so you need to install pcre library on linux. pcre devel is a secondary development library developed using pcre, so you need: pcre PCRE devel;
3. Zlib library provides many ways of compression and decompression. nginx uses zlib to gzip the contents of http package, so zlib library needs to be installed on Centos, so: zlib zlib devel;
4. OpenSSL is a powerful secure socket layer cryptographic library, which includes the main cryptographic algorithms, common key and certificate encapsulation management functions and ssl protocol, and provides rich applications for testing or other purposes. nginx supports not only http protocol, but also https (i.e. transmitting http over ssl Protocol). Therefore, OpenSSL library needs to be installed in Centos, so: OpenSSL OpenSSL devel;
If you can't install a dependent package through yum, you can download it and install it by decompressing and making & & make install
When I installed pcre using yum, I failed to install it successfully, resulting in an error when making:
make: *** No rule to make target `build', needed by `default'. Stop.
If you can't install pcre using yum, you can go to the official website( https://ftp.pcre.org/pub/pcre/)
Download the corresponding compressed package and then decompress it for installation:
tar zxvf pcre-8.43.tar.gz cd pcre-8.43 ./configure make && make install
If you fail to install OpenSSL using yum, you can go to( /source/index.html )Download the OpenSSL compressed package,
Decompression installation:
tar zxvf openssl-1.0.2t.tar.gz cd openssl-1.0.2t ./config --prefix=/usr/local/ --openssldir=/usr/local/openssl -g3 shared zlib-dynamic enable-camellia make && make install
Test availability:
[root@etcd01 sbin]# openssl version OpenSSL 1.0.2k-fips 26 Jan 2017
If the installation of zlib fails, you can use yum zlib Home Site Download the compressed package, extract and install:
tar zxvf zlib-1.2.11.tar.gz cd zlib-1.2.11 ./configure make && make install
2. Download and install Nginx
- Go to the official website to download Nginx: wget https://nginx.org/download/nginx-1.16.1.tar.gz
- Decompression installation:
tar zxvf nginx-1.16.1.tar.gz cd nginx-1.16.1 ./configure --prefix=/opt/nginx/server make && make install
In this way, the related directories of sbin and conf installed by Nginx will be deleted
-Generate in / opt/nginx/server. If you don't know the prefix, it will be generated in / usr/local/nginx directory by default
- Test for successful installation:
[root@s1 sbin]# ./nginx -V nginx version: nginx/1.16.1 built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/opt/nginx/server --with-http_stub_status_module --with-http_ssl_module
Here -- with http_ stub_ status_ module --with-http_ ssl_ Module is an SSL module that needs to be added when configuring https. It will be described later. If there are no these two modules, an error will be reported when using https:
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /opt/nginx/server/conf/nginx.conf:37
- Start Nginx:
cd /opt/nginx/server/sbin ./nginx
An error may be reported when starting nginx:
nginx: error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or directory
On redhat 64 bit machines, the pcre file that nginx may read is / lib64 / libpcre so. 1. Documents A soft connection needs to be established:
ln -s /usr/local/lib/libpcre.so.1 /lib64/
- nginx service related commands:
./nginx -t #Verify nginx Correctness of conf file ./nginx -s reload #Reload nginx Conf file ./nginx -s stop #Stop Nginx service
- Verify that the service started successfully:
You can view ports:
[root@s1 sbin]# netstat -ntlp | grep nginx tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 349/nginx: master
You can also use the browser: http://ip
So far, the normal configuration of Nginx has been completed, but if https is used, the certificate and modules related to https supported by Nginx need to be configured
First, Nginx adds modules that support https during installation/ configuration needs to add ssl related modules:
./configure --prefix=/opt/nginx/server --with-http_stub_status_module --with-http_ssl_module
Generate certificate:
1. First, use openssl to execute the following command to generate a key:
openssl genrsa -des3 -out nginx.key 1024 #The password used here is 1024
Then he will ask you to enter the password of the key file.
It will be used by nginx in the future. You are required to verify the PAM password every time reload nginx is configured.
2. Then use openssl to generate the certificate request file according to the key file:
openssl req -new -key nginx.key -out nginx.csr
When generating the above commands, you need to fill in a lot of things # read and write one by one (you can do whatever you want. After all, this is the certificate generated by yourself, but if you use the java program to access, you need to enter your own domain name when entering the user name or server name, otherwise you will report an error that you can't find the matching domain name certificate)
3. Finally, the crt certificate file is generated according to the two files:
openssl x509 -req -days 3650 -in nginx.csr -signkey nginx.key -out nginx.crt
4. The last files used are key and crt files. If you need to use pfx, you can generate it with the following command:
openssl pkcs12 -export -inkey nginx.key -in nginx.crt -out nginx.pfx
Configure nginx https:
Need to be in nginx Add to conf configuration file:
server {
listen 443 ssl;
server_name localhost;
ssl_protocols SSLv2 SSLv3 TLSv1;
#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_certificate /opt/nginx/ssl/nginx.crt;
ssl_certificate_key /opt/nginx/ssl/nginx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://httpfs/;
}
}Complete nginx Conf configuration file:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
upstream httpfs {
server 127.0.0.1:14000;
}
server {
listen 80;
server_name httpfs.test.com;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_pass http://httpfs/;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# HTTPS server
server {
listen 443 ssl;
server_name httpfs.test.com;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_certificate ssl/nginx.crt;
ssl_certificate_key ssl/nginx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://httpfs/;
}
}
}After restarting nginx, you can use https to access it.
[root@etcd01 sbin]# ./nginx -s reload Enter PEM pass phrase: [root@etcd01 sbin]# #At this time, you will be prompted to enter a password. You can restart successfully only by entering a password