Category: LINUX

2015-02-03 14:17:38

3.3 Nginx + SSL: accessing an HTTP service over HTTPS

Installation steps:

3.3.1 Install nginx and its dependencies

1.1 Install pcre, zlib and openssl from source

tar zxvf pcre-8.36.tar.gz

cd pcre-8.36

./configure

Error:

configure: error: in `/usr/local/src/pcre-8.36':

configure: error: no acceptable C compiler found in $PATH

See `config.log' for more details

Solution:

yum install gcc-c++

make

make install

 

tar zxvf zlib-1.2.8.tar.gz

cd zlib-1.2.8

./configure

make

make install

 

tar zxvf openssl-1.0.1c.tar.gz

cd openssl-1.0.1c

./config

make

make install

 

1.2 Install nginx from source

tar zxvf nginx-1.3.10.tar.gz

cd nginx-1.3.10

./configure --sbin-path=/usr/local/nginx/nginx --conf-path=/usr/local/nginx/nginx.conf --pid-path=/usr/local/nginx/nginx.pid --with-http_ssl_module --with-openssl=/usr/local/src/openssl-1.0.1c --with-pcre=/usr/local/src/pcre-8.36 --with-zlib=/usr/local/src/zlib-1.2.8

make

make install

1.3 Check the nginx configuration file and start nginx

ln -s /usr/local/nginx/nginx /usr/bin/nginx

cd /usr/local/nginx/

./nginx

 

3.3.2 Generate certificates

2.1 Generate Certificates

To generate private (dummy) certificates you can perform the following list of openssl commands.

2.2 First change directory to where you want to create the certificate and private key, for example:

$ cd /usr/local/nginx/conf

2.3 Now create the server private key, you'll be asked for a passphrase:

$ openssl genrsa -des3 -out server.key 1024

2.4 Create the Certificate Signing Request (CSR):

$ openssl req -new -key server.key -out server.csr

Remove the necessity of entering a passphrase for starting up nginx with SSL using the above private key:

$ cp server.key server.key.org

$ openssl rsa -in server.key.org -out server.key

2.5 Finally sign the certificate using the above private key and CSR:

$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Then put the generated server.crt and server.key in the same directory as nginx.conf.
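The certificate steps above as one non-interactive script, as an added example that is not part of the original post. It generates a 2048-bit key rather than the 1024-bit key used above, keeps the passphrase-free key readable only by its owner, and checks that key and certificate belong together; the function names and the CN value are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: steps 2.2-2.5 without prompts.
# Assumptions: function names, the CN value and the 2048-bit key size.

# Create server.key, server.csr and a self-signed server.crt in directory $1.
make_selfsigned() (   # $1 = output directory, $2 = certificate CN
    umask 077         # the key is never readable by other users, even briefly
    cd "$1" || exit 1
    # No -des3: the post strips the passphrase again before nginx starts.
    openssl genrsa -out server.key 2048 2>/dev/null || exit 1
    openssl req -new -key server.key -subj "/CN=$2" -out server.csr || exit 1
    openssl x509 -req -days 365 -sha256 -in server.csr \
        -signkey server.key -out server.crt 2>/dev/null || exit 1
    chmod 644 server.crt server.csr   # only the key stays private
)

# Succeed only if the certificate's public key belongs to the private key.
key_matches_cert() {  # $1 = key file, $2 = certificate file
    k=$(openssl rsa  -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Print the size in bits of an RSA private key (useful for auditing old keys).
key_bits() {          # $1 = key file
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9]*\) bit.*/\1/p' | head -n 1
}

# Demo in a scratch directory.
d=$(mktemp -d)
make_selfsigned "$d" localhost &&
    key_matches_cert "$d/server.key" "$d/server.crt" &&
    echo "key size: $(key_bits "$d/server.key") bits, key and certificate match"
```

Running key_bits against an existing server.key shows whether it still needs to be regenerated at a larger size.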

 

3.3.3 Configure nginx

3.1 Edit the nginx configuration file

worker_processes 8;
pid /usr/local/nginx/nginx.pid;
worker_rlimit_nofile 51200;

events {
    use epoll;
    worker_connections 51200;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 8m;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 60;
    tcp_nodelay on;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    include /usr/local/nginx/vhost/*.conf;

    # log_format access '$remote_addr - $remote_user [$time_local] "$request" '
    #                   '$status $body_bytes_sent "$http_referer" '
    #                   '"$http_user_agent" $http_x_forwarded_for';
    # access_log /var/log/nginx/access.log access;
}

 

3.2 Create the vhost directory

Create the vhost directory under /usr/local/nginx/:

mkdir vhost

3.3 Create the related conf files

Create ssl.conf, which configures SSL for nginx:

vim ssl.conf

server {
    listen 10.7.7.123:8443;
    ssl on;
    server_name localhost;
    ssl_certificate     /usr/local/nginx/server.crt;
    ssl_certificate_key /usr/local/nginx/server.key;
    root /var/www/html/;    # create an index.html file under /var/www/html/: echo "This is a web IP 10.7.7.123" > index.html
    index index.html index.php;

    location / {
        proxy_pass      ---- corresponds to the name in upstream
        # proxy_set_header X-Forwarded-For $remote_addr;
        # proxy_set_header X-Forwarded-Proto https;
    }
}

 

3.4 Create upstream.conf

Create upstream.conf, which configures the nginx upstream module:

vim upstream.conf

upstream test {
    ip_hash;
    server 10.7.7.222:8080;    # IP and port of the back-end server
}

 

3.5 Check the configuration files and reload

After editing the configuration files, check them with nginx -t

nginx -s reload reloads the configuration files
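An added example, not from the original post, of the front-end files from 3.3 and 3.4 with the TLS settings written out and a check that proxy_pass and the upstream name agree. It assumes proxy_pass points at http://test (the upstream defined in 3.4); the function names and the ssl_protocols line are additions.

```shell
#!/bin/sh
# Added example, not from the original post. Writes the two front-end vhost
# files, then checks that every proxy_pass names an upstream that exists.
# Assumption: proxy_pass targets http://test, the upstream name in 3.4.

write_vhost() {   # $1 = vhost directory
    cat > "$1/upstream.conf" <<'EOF'
upstream test {
    ip_hash;
    server 10.7.7.222:8080;        # back-end IP and port
}
EOF
    cat > "$1/ssl.conf" <<'EOF'
server {
    listen 10.7.7.123:8443 ssl;    # current form of "ssl on;"
    server_name localhost;
    ssl_certificate     /usr/local/nginx/server.crt;
    ssl_certificate_key /usr/local/nginx/server.key;
    ssl_protocols TLSv1.2;         # no SSLv3, TLS 1.0 or TLS 1.1

    location / {
        proxy_pass http://test;    # must equal the upstream block's name
        # Tell the plain-HTTP back end who the client was and that it used TLS.
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}
EOF
}

# Exit 0 if each single-label "proxy_pass http://NAME" has an
# "upstream NAME {" block in the same directory; otherwise print the first
# missing NAME and exit 1. Targets given as IP or host:port are skipped.
check_upstreams() {   # $1 = vhost directory
    pat='s|^[[:space:]]*proxy_pass[[:space:]]*http://\([A-Za-z_][A-Za-z0-9_-]*\)[;/[:space:]].*|\1|p'
    for name in $(sed -n "$pat" "$1"/*.conf); do
        grep -Eq "^[[:space:]]*upstream[[:space:]]+${name}[[:space:]]*\{" "$1"/*.conf \
            || { echo "$name"; return 1; }
    done
}

# Demo in a scratch directory; on the real host follow it with "nginx -t".
d=$(mktemp -d)
write_vhost "$d" && check_upstreams "$d" && echo "proxy_pass and upstream agree"
```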

 

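3.3.4 Back-end server configuration:

4.1 Install pcre, zlib, openssl and nginx as above.

4.2 The nginx configuration file is the same as above.

4.3 Create the vhost directory

The vhost directory contains only one configuration file, server.conf: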

server {
    listen 10.7.7.222:8080;    # local IP
    server_name localhost;
    root /var/www/html/;
    index index.html index.php;

    # location / {
    #     proxy_pass
    # }
}

 

4.4 Check the configuration files and reload

After editing the configuration files, check them with nginx -t

nginx -s reload reloads the configuration files

 

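4.5 Test:

On the front-end nginx, accessing the local address and port over https returns the content served by the back-end nginx.

The following appears: This is a web IP 107.7.222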

 
