记录一下今天给一个站点配置SSL证书遇到的问题。
修改配置
在阿里云申请到SLL证书后(过程参见《阿里云申请免费SSL证书》)上传到 nginx的 cert
文件夹之后
需要修改站点对应的nginx 配置,添加如下内容(需要将.pem和.key文件名改成你的):
listen 443 ssl;
ssl on;
ssl_certificate cert/3969078_www.xxxx.cn.pem;
ssl_certificate_key cert/3969078_www.xxxx.cn.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
underscores_in_headers on;
重载nginx配置
centos7 如果配置了 server 的话可以使用以下命令重载
systemctl reload nginx
没有话使用下面的命令重载
nginx -s reload
我在重载的时候,发现报如下报错了:
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.c
这个错误的原因是因为安装nginx的时候没有添加 ssl 模块
添加 nginx ssl模块
我是自己下载源码进行编译安装的,解决方法如下:
- 安装依赖
yum -y install openssl openssl-devel
- 在nginx源码目录执行以下命令,配置ssl模块
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make
- 替换 nginx
cp ./objs/nginx /usr/local/nginx/sbin/
- 重启nginx
systemctl restart nginx
这里我遇到一个问题,启动失败了,使用systemctl status nginx
查看提示log文件不存在
$ systemctl status nginx
● nginx.service - nginx
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2020-05-26 11:14:54 CST; 1min 0s ago
Process: 16838 ExecStop=/usr/local/nginx/sbin/nginx -s quit (code=exited, status=1/FAILURE)
Process: 16812 ExecReload=/usr/local/nginx/sbin/nginx -s reload (code=exited, status=1/FAILURE)
Process: 16913 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=1/FAILURE)
Main PID: 32010 (code=exited, status=0/SUCCESS)
May 26 11:14:54 1lin24 systemd[1]: Starting nginx...
May 26 11:14:54 1lin24 systemd[1]: nginx.service: control process exited, code=exited status=1
May 26 11:14:54 1lin24 nginx[16913]: nginx: [alert] could not open error log file: open() "/usr/local/nginx/logs/error.log" failed (2: No su...irectory)
May 26 11:14:54 1lin24 nginx[16913]: 2020/05/26 11:14:54 [emerg] 16913#0: open() "/usr/local/nginx/logs/error.log" failed (2: No such file or directory)
May 26 11:14:54 1lin24 systemd[1]: Failed to start nginx.
May 26 11:14:54 1lin24 systemd[1]: Unit nginx.service entered failed state.
May 26 11:14:54 1lin24 systemd[1]: nginx.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
- 在对应目录下创建丢失的目录
mkdir /usr/local/nginx/logs
- 再次重启nginx即可
systemctl restart nginx