Nginx+FastCGI支持HTTPS部署过程详述

依赖的软件

nginx-1.13.5.tar.gz

spawn-fcgi-1.6.4.tar.gz

fcgi-2.4.0.tar.gz

编译安装

[[email protected] ~]# tar  xzvf nginx-1.13.5.tar.gz

[[email protected] ~]# cd  nginx-1.13.5

[[email protected] nginx-1.13.5]# ./configure --prefix=/usr/local/nginx

./configure: error: the HTTP rewrite module requires the PCRE library.

You can either disable the module by using --without-http_rewrite_module

option, or install the PCRE library into the system, or build the PCRE library

statically from the source with nginx by using --with-pcre=<path> option.

[[email protected] nginx-1.13.5]# yum  -y install prce-devel

[[email protected] nginx-1.13.5]# /usr/sbin/groupadd -f www

[[email protected] nginx-1.13.5]# /usr/sbin/useradd -g www www

[[email protected] nginx-1.13.5]# ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module

[[email protected] nginx-1.13.5]# make

[[email protected] nginx-1.13.5]# ls

auto  CHANGES  CHANGES.ru  conf  configure  contrib  html  LICENSE  Makefile  man  objs  README  src

[[email protected] ]# tar   xzvf spawn-fcgi-1.6.4.tar.gz

[[email protected] spawn-fcgi-1.6.4]# ls

aclocal.m4  autom4te.cache  config.h.in    configure     depcomp     Makefile     missing      README        stamp-h1

AUTHORS     CMakeLists.txt  config.log     configure.ac  doc         Makefile.am  NEWS         spawn-fcgi.1

autogen.sh  config.h        config.status  COPYING       install-sh  Makefile.in  packdist.sh  src

[[email protected] spawn-fcgi-1.6.4]# ./autogen.sh

./autogen.sh: line 11: autoreconf: command not found

[[email protected] spawn-fcgi-1.6.4]# yum install autoconf automake libtool

[[email protected] spawn-fcgi-1.6.4]# ./autogen.sh

configure.ac:9: installing `./install-sh‘

configure.ac:9: installing `./missing‘

src/Makefile.am: installing `./depcomp‘

Now type ‘./configure ...‘ and ‘make‘ to compile.

[[email protected] spawn-fcgi-1.6.4]# ./configure

[[email protected] spawn-fcgi-1.6.4]# make

[[email protected] spawn-fcgi-1.6.4]# ls

aclocal.m4  autom4te.cache  config.h.in    configure     depcomp     Makefile     missing      README        stamp-h1

AUTHORS     CMakeLists.txt  config.log     configure.ac  doc         Makefile.am  NEWS         spawn-fcgi.1

autogen.sh  config.h        config.status  COPYING       install-sh  Makefile.in  packdist.sh  src

[[email protected] spawn-fcgi-1.6.4]# cp src/spawn-fcgi

spawn-fcgi    spawn-fcgi.c  spawn-fcgi.o

[[email protected] spawn-fcgi-1.6.4]# cp src/spawn-fcgi /usr/local/nginx/sbin/

[[email protected] ~]# tar  xzvf fcgi-2.4.0.tar.gz

[[email protected] ~]# cd fcgi-2.4.0

[[email protected] fcgi-2.4.0~]# ./configure

[[email protected] fcgi-2.4.0~]# make && make install

颁发证书

[[email protected] ~]# cd /etc/pki/tls/certs

[[email protected] certs]# make server.key

umask 77 ; \

/usr/bin/openssl genrsa -aes128 2048 > server.key

Generating RSA private key, 2048 bit long modulus

......................................................++++++

.............++++++

e is 61251 (0x10001)

Enter pass phrase: 654321 #设置密码

Verifying - Enter pass phrase: 654321

# remove passphrase from private key

[[email protected] certs]# openssl rsa -in server.key -out server.key

Enter pass phrase for server.key: 654321 #输入密码

writing RSA key

[[email protected] certs]# make server.csr

umask 77 ; \

/usr/bin/openssl req -utf8 -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.‘, the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN #国家名称

State or Province Name (full name) [e]:Beijing   #州或省的名称

Locality Name (eg, city) [Default City]:Beijing  #地点名称（如城市）

Organization Name (eg, company) [Default Company Ltd]:Test   机构名称（如公司）

Organizational Unit Name (eg, section) []:Test Haha   组织单位名称（如部分）

Common Name (eg, your server‘s hostname) []:www.test.com   #常见的名字（例如，您的服务器的主机名）

Email Address []:[email protected] # 电子邮件地址

Please enter the following ‘extra‘ attributes

to be sent with your certificate request

A challenge password []:# 挑战密码

An optional company name []:#一个可选的公司名称

[[email protected] certs]#

[[email protected] certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

Signature ok

subject=/C=CN/ST=Beijing/L=Beijing/O=Test/OU=Test Haha/CN=www.test.com,/[email protected]

Getting Private key

[[email protected] certs]# chmod 400 server.*

[[email protected] nginx-1.13.5]# /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[[email protected] nginx-1.13.5]# /usr/local/nginx/sbin/nginx

2)可用“kill -HUP 主进程id ”命令(如：kill -HUP 1)重新加载配置文件。

3)可用“kill -QUIT 主进程id” 命令(如：kill -QUIT 1)关闭Nginx。

测试Nginx

浏览器输入：https://IP:8088/

测试FastCGI

编写了如下的测试程序test.c，代码如下：

#include <stdio.h>

#include <fcgi_stdio.h>

#include <stdlib.h>

int main()

{

int count = 0;

while (FCGI_Accept() >= 0)

{

printf("Content-type: text/html\r\n"

"\r\n"

""

"FastCGI Hello!"

"Rrunning on host [%s] Get str is [%s] "

"Process ID: [%d]\n", getenv("SERVER_NAME"),getenv("QUERY_STRING"), getpid());

}

return 0;

}

[[email protected] ~]#gcc -g -o test test.c -lfcgi

[[email protected] ~]#mv  test /usr/local/nginx/sbin/

[[email protected] ~]#/usr/local/nginx/sbin/spawn-fcgi -a 127.0.0.1 -p 9000 -f /usr/local/nginx/sbin/test -n

浏览器输入：https://IP:8088/test.cgi?abcdf

FastCGI Hello!Rrunning on host [localhost] Get str is [abcdf] Process ID: [22976]