nginx添加模块与https支持

实例1：为已安装nginx动态添加模块

以安装rtmp媒流模块为例：

1)下载第三方模块到

[root@LNMP nginx-1.8.1]# git clone https://github.com/arut/nginx-rtmp-module.git

2)查看nginx编译安装时安装的模块

[root@LNMP nginx-1.8.1]# nginx -Vnginx version: nginx/1.8.1built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013TLS SNI support enabledconfigure arguments: --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-http_ssl_module

3)cd到源码目录添加模块重新配置编译

[root@LNMP nginx]# cd /root/tools/nginx-1.8.1[root@LNMP nginx-1.8.1]# ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-http_ssl_module --add-module=/root/tools/nginx-1.8.1/nginx-rtmp-module

[root@LNMP nginx-1.8.1]# make

#此处只进行编译不进行安装，如安装的话会覆盖源文件。

4)在编译完成后，会在当前目录下生成一个objs文件夹，将nginx二进制文件拷贝到源安装目录下，注意备份源文件，然后查看编译后的模块。

[root@LNMP nginx-1.8.1]# mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.20170825[root@LNMP nginx-1.8.1]# cp objs/nginx /usr/local/nginx/sbin/nginx[root@LNMP nginx-1.8.1]# nginx -Vnginx version: nginx/1.8.1built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013TLS SNI support enabledconfigure arguments: --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-http_ssl_module --add-module=/root/tools/nginx-1.8.1/nginx-rtmp-module[root@LNMP nginx-1.8.1]# nginx -s reload

实例2：nginx使用ssl模块配置https支持

1、生成证书(注意此证书为自己颁发的在公网上不受信任)

1)生成一个rsa密钥：

[root@LNMP ssl]# openssl genrsa -des3 -out test.key 1024Generating RSA private key, 1024 bit long modulus..............................++++++...........................++++++e is 65537 (0x10001)Enter pass phrase for test.key:   #输入密码，需要复杂性要求Verifying - Enter pass phrase for test.key:  #重复密码

2)拷贝刚才的密码文件，生成一个不需要密码的密钥文件：

[root@LNMP ssl]# openssl rsa -in test.key -out test_nopass.keyEnter pass phrase for test.key:  #输入以上创建时输入的密码writing RSA key

3)生成一个证书请求文件

[root@LNMP ssl]# openssl req -new -key test.key -out test.csrEnter pass phrase for test.key:  #输入以上创建时输入的密码You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [XX]:cn  #国家State or Province Name (full name) []:shanghai  #省份Locality Name (eg, city) [Default City]:shanghai #城市Organization Name (eg, company) [Default Company Ltd]:shanghai information company Ltd   #具体名称Organizational Unit Name (eg, section) []:test  #单位名称Common Name (eg, your name or your server''s hostname) []:*.test.cn   #服务器域名Email Address []:admin@test.cn  #邮箱Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:   #密码为空，直接回车An optional company name []: #密码为空，直接回车

4)自己签发证书

[root@LNMP ssl]# openssl x509 -req -days 365 -in test.csr -signkey test.key -out test.crtSignature oksubject=/C=cn/ST=shanghai/L=shanghai/O=shanghai information company Ltd/OU=test/CN=*.test.cn/emailAddress=admin@test.cnGetting Private keyEnter pass phrase for test.key:  #输入test.key设置的密码

2、配置nginx.conf文件

[root@LNMP ssl]# vim /usr/local/nginx/conf/nginx.conf添加如下：server {        listen       80;        server_name  localhost;        listen 443;   #监听端口        ssl on;   #开启ssl        ssl_certificate /usr/local/nginx/conf/test.crt; #指定证书位置        ssl_certificate_key  /usr/local/nginx/conf/test_nopass.key;  #指定密钥文件，如此处使用test.key则每次启动nginx服务器需要舒服key密码。

[root@LNMP ssl]# nginx -s reload  #重加载配置

-----------------------------------end-----------------------------------------------------