Smoothly upgrading nginx to add SSL and serve the site over HTTPS

xiaoxiao  2021-02-28


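I. Adding a compiled-in module to an existing nginx

1. Re-run configure with the new parameters

Run nginx -V to see the compile options of the current nginx binary: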

[root@iZwz966hn1pkophvqb3obgZ nginx-1.4.4]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.4.4
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)
configure arguments: --prefix=/usr/local/nginx --with-http_realip_module --with-http_sub_module --with-http_gzip_static_module --with-http_stub_status_module --with-pcre

Then, in the source directory of the new nginx version, run configure with the same arguments plus --with-http_ssl_module:

./configure --prefix=/usr/local/nginx --with-http_realip_module --with-http_sub_module --with-http_gzip_static_module --with-http_stub_status_module --with-pcre --with-http_ssl_module

2. Compile and install

make

Note: only compile. Do not, under any circumstances, run make install, otherwise this becomes an overwrite installation.

Afterwards an objs directory appears in the current directory. Running the binary inside it with -V shows the compile parameters of the new nginx:

# ./objs/nginx -V
nginx version: nginx/1.4.4
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_realip_module --with-http_sub_module --with-http_gzip_static_module --with-http_stub_status_module --with-pcre --with-http_ssl_module

3. Back up and replace the old binary

Back up:

# mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak

Replace:

# cp ./objs/nginx /usr/local/nginx/sbin/nginx

Check:

/usr/local/nginx/sbin/nginx -t

[root@iZwz966hn1pkophvqb3obgZ nginx-1.4.4]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.4.4
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_realip_module --with-http_sub_module --with-http_gzip_static_module --with-http_stub_status_module --with-pcre --with-http_ssl_module

II. Setting up HTTPS

1. A sample server configuration

vim ssl.conf

server {
    listen 443;
    server_name ceshi.guiren123.com;
    ssl on;
    root /data/wordpress;
    index index.html index.htm index.php;
    ssl_certificate   /usr/local/nginx/cert/ceshi_guiren123_com_ssl/214186100710218.pem;
    ssl_certificate_key  /usr/local/nginx/cert/ceshi_guiren123_com_ssl/214186100710218.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    access_log /tmp/guiren123-access.log xingcheng;
    error_log /tmp/guiren123-error.log;
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        access_log /tmp/wordpress_access.log xingcheng;
        fastcgi_param SCRIPT_FILENAME /data/wordpress$fastcgi_script_name;
    }
}

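Note: when configuring several SSL virtual hosts, this can be done by listening on multiple ports.

If the site cannot be reached, check iptables and the cloud security group rules.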
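The sample configuration above still offers TLSv1 and TLSv1.1 and a broad cipher string. A tightened variant follows as an added example, not the original author's configuration; it also uses the SNI support reported by nginx -V to put a second HTTPS site on port 443. It assumes the binary is linked against OpenSSL 1.0.1 or later, and the host name second.example.com, its certificate paths and its root directory are hypothetical placeholders.

```nginx
# Added example; not the original author's configuration.
# Send plain-HTTP requests to the HTTPS site (fixed host name, not $host).
server {
    listen 80;
    server_name ceshi.guiren123.com;
    return 301 https://ceshi.guiren123.com$request_uri;
}

server {
    listen 443 ssl;                      # per-listener form; replaces "ssl on;"
    server_name ceshi.guiren123.com;
    root /data/wordpress;
    index index.html index.htm index.php;

    ssl_certificate     /usr/local/nginx/cert/ceshi_guiren123_com_ssl/214186100710218.pem;
    ssl_certificate_key /usr/local/nginx/cert/ceshi_guiren123_com_ssl/214186100710218.key;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); nginx 1.4.4 predates TLSv1.3 support.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only, instead of the broad ECDH/AES/HIGH groups.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # Tell browsers to keep using HTTPS for this host for one year.
    add_header Strict-Transport-Security "max-age=31536000";

    access_log /tmp/guiren123-access.log xingcheng;
    error_log /tmp/guiren123-error.log;

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/wordpress$fastcgi_script_name;
    }
}

# Second HTTPS site on the same port, selected by the SNI name the client sends.
server {
    listen 443 ssl;
    server_name second.example.com;                           # hypothetical host
    ssl_certificate     /path/to/second.example.com.pem;      # placeholder path
    ssl_certificate_key /path/to/second.example.com.key;      # placeholder path
    ssl_protocols TLSv1.2;
    root /data/second;                                        # hypothetical root
}
```

Validate with /usr/local/nginx/sbin/nginx -t before reloading; clients that only speak TLS 1.0 or 1.1 will no longer be able to connect.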
