Nginx 配置 SSL,很系统!很完整!解决 Nginx 报错 nginx: [emerg] unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf

完整记录在给 Nginx 配置 SSL 操作,起初的 Nginx 配置未引入SSL模块,现配置 SSL 遇到的问题

1、更改 conf 的配置

server {
 listen 443;                        # 监听端口
 server_name str.boxxxxeji.cn;        # 站点域名
 ssl on;
 ssl_certificate  /usr/local/nginx/ssl/5983941__boxxxxeji.cn.pem;
 ssl_certificate_key /usr/local/nginx/ssl/5983941__boxxxxeji.cn.key;
 ssl_session_timeout 5m;
 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
 try_files $uri /index.html;
 charset utf-8;
 gzip on;
 gzip_buffers 32 4K;
 gzip_comp_level 6;
 gzip_min_length 100;
 gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
 gzip_disable "MSIE [1-6]\."; 
 gzip_vary on;

 limit_req zone=allips burst=5 nodelay;

 location / {
  proxy_pass http://127.0.0.1:8086/;
 }
}

 

2、在加入SSL需要的文件

  在 /usr/local/nginx 目录下创建 ssl 文件夹,并且把域名的证书文件放入其中

 

 

3、重启 Nginx 

sudo /usr/local/nginx/sbin/nginx -s reload

报错:nginx: [emerg] unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:4

其原因是 Nginx 未引入 SSL 模块

 

4、进入 Nginx 的解压目录执行如下代码

./configure --with-http_ssl_module

PS:如果已经删了就重新下载对应版本的Nginx吧

Nginx下载地址: https://nginx.org/en/download.html

下载1.18.0为例:wget https://nginx.org/download/nginx-1.18.0.tar.gz

解压命令: sudo tar -zxvf nginx-1.18.0.tar.gz

进入nginx目录: cd nginx-1.18.0/

再执行命令:sudo ./configure --with-http_ssl_module

 

5、执行make

sudo make

 

6、备份原来的 Nginx

cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak

 

7、新 Nginx 替换原 Nginx

sudo cp -rfp objs/nginx /usr/local/nginx/sbin/nginx

 

8、检查Nginx配置

sudo /usr/local/nginx/sbin/nginx -t

 

9、重启 Nginx

sudo /usr/local/nginx/sbin/nginx -s reload

如果报:nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /usr/local/nginx/conf/server/str.conf:5

修改 conf 配置配置如下:

server {
 listen 443 ssl;                        # 监听端口
 server_name str.boxxxxeji.cn;        # 站点域名
 ssl_certificate  /usr/local/nginx/ssl/5983941__boxxxxeji.cn.pem;
 ssl_certificate_key /usr/local/nginx/ssl/5983941__boxxxxeji.cn.key;
 ssl_session_timeout 5m;
 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
 try_files $uri /index.html;
 charset utf-8;
 gzip on;
 gzip_buffers 32 4K;
 gzip_comp_level 6;
 gzip_min_length 100;
 gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
 gzip_disable "MSIE [1-6]\."; 
 gzip_vary on;

 limit_req zone=allips burst=5 nodelay;

 location / {
  proxy_pass http://127.0.0.1:8086/;
 }
}

重启 Nginx 即可

 

posted @ 2022-02-21 17:03  林诺欧巴  阅读(4455)  评论(0编辑  收藏  举报