实例1:为已安装nginx动态添加模块
以安装rtmp媒流模块为例:
1)下载第三方模块到
[root@LNMP nginx-1.8.1]# git clone https://github.com/arut/nginx-rtmp-module.git
2)查看nginx编译安装时安装的模块
<code>[root@LNMP nginx-1.8.1]</code><code># nginx -V</code>
<code>nginx version: nginx</code><code>/1</code><code>.8.1</code>
<code>built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) </code>
<code>built with OpenSSL 1.0.1e-fips 11 Feb 2013</code>
<code>TLS SNI support enabled</code>
<code>configure arguments: --user=nginx --group=nginx --prefix=</code><code>/usr/local/nginx</code> <code>--with-http_ssl_module --with-http_stub_status_module --with-http_ssl_module</code>
3)cd到源码目录添加模块重新配置编译
<code>[root@LNMP nginx]</code><code># cd /root/tools/nginx-1.8.1</code>
<code>[root@LNMP nginx-1.8.1]</code><code># ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-http_ssl_module --add-module=/root/tools/nginx-1.8.1/nginx-rtmp-module</code>
<code>[root@LNMP nginx-1.8.1]</code><code># make</code>
#此处只进行编译不进行安装,如安装的话会覆盖源文件。
4)在编译完成后,会在当前目录下生成一个objs文件夹,将nginx二进制文件拷贝到源安装目录下,注意备份源文件,然后查看编译后的模块。
<code>[root@LNMP nginx-1.8.1]</code><code># mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.20170825</code>
<code>[root@LNMP nginx-1.8.1]</code><code># cp objs/nginx /usr/local/nginx/sbin/nginx</code>
<code>configure arguments: --user=nginx --group=nginx --prefix=</code><code>/usr/local/nginx</code> <code>--with-http_ssl_module --with-http_stub_status_module --with-http_ssl_module --add-module=</code><code>/root/tools/nginx-1</code><code>.8.1</code><code>/nginx-rtmp-module</code>
<code>[root@LNMP nginx-1.8.1]</code><code># nginx -s reload</code>
实例2:nginx使用ssl模块配置https支持
1、生成证书(注意此证书为自己颁发的在公网上不受信任)
1)生成一个rsa密钥:
<code>[root@LNMP ssl]</code><code># openssl genrsa -des3 -out test.key 1024</code>
<code>Generating RSA private key, 1024 bit long modulus</code>
<code>..............................++++++</code>
<code>...........................++++++</code>
<code>e is 65537 (0x10001)</code>
<code>Enter pass phrase </code><code>for</code> <code>test</code><code>.key: </code><code>#输入密码,需要复杂性要求</code>
<code>Verifying - Enter pass phrase </code><code>for</code> <code>test</code><code>.key: </code><code>#重复密码</code>
2)拷贝刚才的密码文件,生成一个不需要密码的密钥文件:
<code>[root@LNMP ssl]</code><code># openssl rsa -in test.key -out test_nopass.key</code>
<code>Enter pass phrase </code><code>for</code> <code>test</code><code>.key: </code><code>#输入以上创建时输入的密码</code>
<code>writing RSA key</code>
3)生成一个证书请求文件
<code>[root@LNMP ssl]</code><code># openssl req -new -key test.key -out test.csr</code>
<code>You are about to be asked to enter information that will be incorporated</code>
<code>into your certificate request.</code>
<code>What you are about to enter is what is called a Distinguished Name or a DN.</code>
<code>There are quite a few fields but you can leave some blank</code>
<code>For some fields there will be a default value,</code>
<code>If you enter </code><code>'.'</code><code>, the field will be left blank.</code>
<code>-----</code>
<code>Country Name (2 letter code) [XX]:cn </code><code>#国家</code>
<code>State or Province Name (full name) []:shanghai </code><code>#省份</code>
<code>Locality Name (eg, city) [Default City]:shanghai </code><code>#城市</code>
<code>Organization Name (eg, company) [Default Company Ltd]:shanghai information company Ltd </code><code>#具体名称</code>
<code>Organizational Unit Name (eg, section) []:</code><code>test</code> <code>#单位名称</code>
<code>Common Name (eg, your name or your server</code><code>''</code><code>s </code><code>hostname</code><code>) []:*.</code><code>test</code><code>.cn </code><code>#服务器域名</code>
<code>Email Address []:admin@</code><code>test</code><code>.cn </code><code>#邮箱</code>
<code>Please enter the following </code><code>'extra'</code> <code>attributes</code>
<code>to be sent with your certificate request</code>
<code>A challenge password []: </code><code>#密码为空,直接回车</code>
<code>An optional company name []: </code><code>#密码为空,直接回车</code>
4)自己签发证书
<code>[root@LNMP ssl]</code><code># openssl x509 -req -days 365 -in test.csr -signkey test.key -out test.crt</code>
<code>Signature ok</code>
<code>subject=</code><code>/C</code><code>=cn</code><code>/ST</code><code>=shanghai</code><code>/L</code><code>=shanghai</code><code>/O</code><code>=shanghai information company Ltd</code><code>/OU</code><code>=</code><code>test</code><code>/CN</code><code>=*.</code><code>test</code><code>.cn</code><code>/emailAddress</code><code>=admin@</code><code>test</code><code>.cn</code>
<code>Getting Private key</code>
<code>Enter pass phrase </code><code>for</code> <code>test</code><code>.key: </code><code>#输入test.key设置的密码</code>
2、配置nginx.conf文件
<code>[root@LNMP ssl]</code><code># vim /usr/local/nginx/conf/nginx.conf</code>
<code>添加如下:</code>
<code>server {</code>
<code> </code><code>listen 80;</code>
<code> </code><code>server_name localhost;</code>
<code> </code><code>listen 443; </code><code>#监听端口</code>
<code> </code><code>ssl on; </code><code>#开启ssl</code>
<code> </code><code>ssl_certificate </code><code>/usr/local/nginx/conf/test</code><code>.crt; </code><code>#指定证书位置</code>
<code> </code><code>ssl_certificate_key </code><code>/usr/local/nginx/conf/test_nopass</code><code>.key; </code><code>#指定密钥文件,如此处使用test.key则每次启动nginx服务器需要舒服key密码。</code>
<code>[root@LNMP ssl]</code><code># nginx -s reload #重加载配置</code>
-----------------------------------end-----------------------------------------------------
本文转自 80后小菜鸟 51CTO博客,原文链接:http://blog.51cto.com/zhangxinqi/1959393