依赖
yum -y install pcre-devel openssl openssl-devel library
编译:
mkdir /data/nginx/ -p
./configure --prefix=/data/nginx/ --with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_module
版本信息
[[email protected] sbin]# ./nginx -V
nginx version: nginx/1.14.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/data/nginx/ --with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_module
配置443多证书请求:
[[email protected] conf]# cat nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /data/nginx/logs/access.log main;
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream web_rel {
server 127.0.0.1:8082;
server 127.0.0.1:8083;
}
# 通过 web-vrf.umout.com 的请求转发给静态路径 /data/wawa_web_verify/ROOT/
server {
listen 443 ssl;
server_name web-vrf.umout.com;
root /data/wawa_web_verify/ROOT/;
ssl on;
ssl_certificate /data/nginx/ssl/STAR_game.com.crt;
ssl_certificate_key /data/nginx/ssl/game.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
index index.html index.htm;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# URL通过 web-rel.umout.com 的请求转到后端动态请求 proxy_pass
server {
listen 443 ssl;
server_name web-rel.umout.com;
ssl on;
ssl_certificate /data/nginx/ssl/STAR_umout_com.crt;
ssl_certificate_key /data/nginx/ssl/umoutcom.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
index index.html index.htm;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://web_rel;
}
}
}