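# Build and install OpenSSL 3.0.2 from the source tarball.
# The install and symlink steps need root.
#
# Before unpacking, check the tarball against the checksum / signature
# published by the OpenSSL project, and consult the project's security
# advisories: 3.0.2 is an early release of the 3.0 branch, so prefer the
# latest patch release of the branch you build.
tar -xvf openssl-3.0.2.tar.gz

# The archive unpacks into openssl-3.0.2/; cd into that directory, not into
# the .tar.gz file as the page had it.
cd openssl-3.0.2 || exit 1

# Add --prefix=<dir> to install somewhere other than the default location.
# When it finishes, config prints: "If you are new to OpenSSL, you might want
# to consult the 'Troubleshooting' ..."
./config

# '&&' makes the install wait for a successful build. The page used a single
# '&', which backgrounds make and starts 'make install' at the same time.
make && make install

# At this point `openssl version` fails with:
#   error while loading shared libraries: libssl.so.1.1: cannot open shared
#   object file: No such file or directory
# The author's fix is to symlink the newly installed libraries into /usr/lib64.
# NOTE(review): OpenSSL 3.x normally installs libssl.so.3 / libcrypto.so.3;
# the .so.1.1 names belong to the 1.1.x series. Confirm which files actually
# exist under /usr/local/lib64 before linking.
# NOTE(review): a link in /usr/lib64 changes which libssl/libcrypto every
# program on the host can pick up, including distribution packages. Check
# that nothing else depends on the system copy.
ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/

# Should now print the version normally.
openssl version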
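# Rebuild nginx 1.20.2 with the SSL module against the OpenSSL 3.0.2 sources.
# The install, copy and setcap steps need root.
cd nginx-1.20.2 || exit 1

# The author points --with-openssl at the unpacked source package and remarks
# that the default install path could be given instead.
# NOTE(review): nginx documents --with-openssl as the path to the OpenSSL
# source tree, which it builds and links itself. Confirm before pointing it
# at an install prefix.
./configure --with-http_ssl_module --with-openssl=/data/openssl-3.0.2/

# '&&' makes the install wait for a successful build. The page used a single
# '&', which backgrounds make and starts 'make install' at the same time.
make && make install

# Keep a copy of the binary that is currently in place.
# NOTE(review): 'make install' has already run by this point, so this may be
# the new build rather than the previous one. Take the backup before
# installing if the goal is a rollback copy.
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bakup

# Copy the newly built binary into place. The page gave the source as
# nginx1.21.1/objs/nginx, which does not match the nginx-1.20.2 tree built
# above; objs/nginx is the build output of the current directory.
cp objs/nginx /usr/local/nginx/sbin/nginx

# Check the result: -V prints the version, the OpenSSL it was built with and
# the configure arguments.
/usr/local/nginx/sbin/nginx -V

# An ordinary (non-root) user gets an error when starting nginx on port 443.
# Granting only the bind capability avoids running the whole server as root.
# The capability is stored on the file and applies to anyone who can execute
# it, so keep the binary root-owned and not writable by other users.
# Replacing the binary drops the capability, so re-apply it after every
# upgrade; `getcap` shows what is currently set.
# (Author's note: the file name is then shown in red in the listing.)
setcap cap_net_bind_service=+eip /usr/local/nginx/sbin/nginx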
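# Generate a private key, a certificate signing request and a self-signed
# certificate for nginx under /usr/local/openssl.
mkdir -p /usr/local/openssl
cd /usr/local/openssl || exit 1

# Generate the key; -des3 prompts for a passphrase that encrypts it on disk.
# The page used 1024 bits. 1024-bit RSA is below current minimums and is
# refused by OpenSSL security level 2 and above, so use at least 2048.
openssl genrsa -des3 -out nginx.key 2048

# With a passphrase on the key, nginx asks for it on every (re)start. The
# author removes it: rename the encrypted key, then write a decrypted copy.
mv nginx.key nginx_bak.key
openssl rsa -in nginx_bak.key -out nginx.key

# nginx.key is now stored unencrypted: anyone who can read the file can
# impersonate the server. Restrict both key files to the account that
# starts nginx.
chmod 600 nginx.key nginx_bak.key

# Create the certificate request from the key. openssl asks for the subject
# fields; the author's sample answers were:
#   Country Name (2 letter code) [AU]: cn
#   State or Province Name (full name) [Some-State]: guangdong
#   Locality Name (eg, city) []: guangzhou
#   Organization Name (eg, company) [Internet Widgits Pty Ltd]: codsway
#   Organizational Unit Name (eg, section) []: operation
#   Common Name (eg, YOUR name) []: appuser
#   Email Address []: 1111@163.com
# NOTE(review): clients match the certificate against the host name they
# connect to, so Common Name / subjectAltName should carry the server's name
# rather than a user name.
openssl req -new -key nginx.key -out nginx.csr

# Sign the request with the same key, giving a self-signed certificate valid
# for 3650 days. Clients will not trust it unless it is added to their trust
# store, which suits testing or internal use; a public site needs a
# CA-issued certificate.
openssl x509 -req -days 3650 -in nginx.csr -signkey nginx.key -out nginx.crt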
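# HTTPS virtual host: terminates TLS on 443 and proxies requests to the
# front-end application.
server {
    listen 443 ssl;    # front-end access address: 443
    server_name localhost;

    # Certificate and unencrypted private key under /usr/local/openssl. The
    # key file should be readable only by the account that starts nginx.
    ssl_certificate     /usr/local/openssl/nginx.crt;
    ssl_certificate_key /usr/local/openssl/nginx.key;

    # The page did not set ssl_protocols. nginx 1.20's default list still
    # includes TLSv1 and TLSv1.1, so restrict it explicitly.
    ssl_protocols TLSv1.2 TLSv1.3;

    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;

    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Proxy the front end listening on 8082 so that it is served on 443.
    location / {
        # The upstream URL is cut off after "http:" on the page.
        # UPSTREAM_HOST is a placeholder, and port 8082 is taken from the
        # author's comment. Confirm both. Traffic on this hop is plain HTTP,
        # so keep the upstream on loopback or a trusted network.
        proxy_pass http://UPSTREAM_HOST:8082;
    }
}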