1.默认nginx是没有安装ssl模块的,需要编译安装nginx时加入--with-http_ssl_module选项
1.1在线安装http_ssl_module模块
1.1.1 查看现有模块
[[email protected] ~]# nginx -V
nginx version: nginx/1.13.12
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
1.1.2 下载新模块二进制包 http://labs.frickle.com/nginx_ngx_cache_purge/
[[email protected] ~]# tar xvf ngx_cache_purge-2.3.tar.gz -C /usr/src/nginx-1.13.12/
1.1.3 重新编译nginx
[[email protected] ~]# cd /usr/src/nginx-1.13.12/
[[email protected] nginx-1.13.12]# ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/usr/src/ngx_cache_purge-2.3
[[email protected] nginx-1.13.12]# make
1.1.4 备份老的nginx,并用新的进行替换
[[email protected] objs]# cp /usr/local/nginx/sbin/nginx{,.bak}
[[email protected] nginx-1.13.12]# \cp /usr/src/nginx-1.13.12/objs/nginx /usr/local/nginx/sbin/ -f
1.1.5 测试是否有问题
[[email protected] ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
1.1.6 使用make upgrade 替换老的nginx进程 进行平滑升级
[[email protected] nginx-1.13.12]# make upgrade
/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
kill -USR2 cat /usr/local/nginx/logs/nginx.pid
sleep 1
test -f /usr/local/nginx/logs/nginx.pid.oldbin
kill -QUIT cat /usr/local/nginx/logs/nginx.pid.oldbin
2.nginx全站认证
原文地址:http://blog.51cto.com/13893093/2177025