- Linux에서 Nginx 1.8.0 설치하기 : http://sarc.io/index.php/nginx/311-linux-nginx-1-8-1
- Linux에서 Nginx 1.10.1 설치하고 nginx_status 설정하기 : http://sarc.io/index.php/nginx/592-linux-nginx-1-10-1-nginx-status
1.13.1 설치파일 주소는 http://nginx.org/download/nginx-1.13.1.tar.gz 입니다.
1. configure
$ ./configure --prefix=/app/nginx-1.13.1 --with-http_ssl_module checking for OS + Linux 2.6.32-279.el6.x86_64 x86_64 checking for C compiler ... found + using GNU C compiler + gcc version: 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC) checking for gcc -pipe switch ... found checking for -Wl,-E switch ... found checking for gcc builtin atomic operations ... found checking for C99 variadic macros ... found checking for gcc variadic macros ... found checking for gcc builtin 64 bit byteswap ... found checking for unistd.h ... found checking for inttypes.h ... found checking for limits.h ... found checking for sys/filio.h ... not found checking for sys/param.h ... found checking for sys/mount.h ... found checking for sys/statvfs.h ... found checking for crypt.h ... found checking for Linux specific features checking for epoll ... found checking for EPOLLRDHUP ... found checking for EPOLLEXCLUSIVE ... not found checking for O_PATH ... not found checking for sendfile() ... found checking for sendfile64() ... found checking for sys/prctl.h ... found checking for prctl(PR_SET_DUMPABLE) ... found checking for crypt_r() ... found checking for sys/vfs.h ... found checking for nobody group ... found checking for poll() ... found checking for /dev/poll ... not found checking for kqueue ... not found checking for crypt() ... not found checking for crypt() in libcrypt ... found checking for F_READAHEAD ... not found checking for posix_fadvise() ... found checking for O_DIRECT ... found checking for F_NOCACHE ... not found checking for directio() ... not found checking for statfs() ... found checking for statvfs() ... found checking for dlopen() ... not found checking for dlopen() in libdl ... found checking for sched_yield() ... found checking for sched_setaffinity() ... found checking for SO_SETFIB ... not found checking for SO_REUSEPORT ... found checking for SO_ACCEPTFILTER ... not found checking for SO_BINDANY ... not found checking for IP_BIND_ADDRESS_NO_PORT ... not found checking for IP_TRANSPARENT ... found checking for IP_BINDANY ... not found checking for IP_RECVDSTADDR ... not found checking for IP_SENDSRCADDR ... not found checking for IP_PKTINFO ... found checking for IPV6_RECVPKTINFO ... found checking for TCP_DEFER_ACCEPT ... found checking for TCP_KEEPIDLE ... found checking for TCP_FASTOPEN ... not found checking for TCP_INFO ... found checking for accept4() ... found checking for eventfd() ... found checking for int size ... 4 bytes checking for long size ... 8 bytes checking for long long size ... 8 bytes checking for void * size ... 8 bytes checking for uint32_t ... found checking for uint64_t ... found checking for sig_atomic_t ... found checking for sig_atomic_t size ... 4 bytes checking for socklen_t ... found checking for in_addr_t ... found checking for in_port_t ... found checking for rlim_t ... found checking for uintptr_t ... uintptr_t found checking for system byte ordering ... little endian checking for size_t size ... 8 bytes checking for off_t size ... 8 bytes checking for time_t size ... 8 bytes checking for AF_INET6 ... found checking for setproctitle() ... not found checking for pread() ... found checking for pwrite() ... found checking for pwritev() ... found checking for sys_nerr ... found checking for localtime_r() ... found checking for posix_memalign() ... found checking for memalign() ... found checking for mmap(MAP_ANON|MAP_SHARED) ... found checking for mmap("/dev/zero", MAP_SHARED) ... found checking for System V shared memory ... found checking for POSIX semaphores ... not found checking for POSIX semaphores in libpthread ... found checking for struct msghdr.msg_control ... found checking for ioctl(FIONBIO) ... found checking for struct tm.tm_gmtoff ... found checking for struct dirent.d_namlen ... not found checking for struct dirent.d_type ... found checking for sysconf(_SC_NPROCESSORS_ONLN) ... found checking for openat(), fstatat() ... found checking for getaddrinfo() ... found checking for PCRE library ... found checking for PCRE JIT support ... not found checking for OpenSSL library ... found checking for zlib library ... found creating objs/Makefile Configuration summary + using system PCRE library + using system OpenSSL library + using system zlib library nginx path prefix: "/app/nginx-1.13.1" nginx binary file: "/app/nginx-1.13.1/sbin/nginx" nginx modules path: "/app/nginx-1.13.1/modules" nginx configuration prefix: "/app/nginx-1.13.1/conf" nginx configuration file: "/app/nginx-1.13.1/conf/nginx.conf" nginx pid file: "/app/nginx-1.13.1/logs/nginx.pid" nginx error log file: "/app/nginx-1.13.1/logs/error.log" nginx http access log file: "/app/nginx-1.13.1/logs/access.log" nginx http client request body temporary files: "client_body_temp" nginx http proxy temporary files: "proxy_temp" nginx http fastcgi temporary files: "fastcgi_temp" nginx http uwsgi temporary files: "uwsgi_temp" nginx http scgi temporary files: "scgi_temp"
2. make
3. make install
4. key 파일과 csr 파일 생성
$ openssl req -new -newkey rsa:2048 -nodes -keyout jeeg.key -out jeeg.csr Generating a 2048 bit RSA private key .................................+++ ......+++ writing new private key to 'jeeg.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:KR State or Province Name (full name) []:Korea Locality Name (eg, city) [Default City]:Seoul Organization Name (eg, company) [Default Company Ltd]:sarc Organizational Unit Name (eg, section) []:sarc Common Name (eg, your name or your server's hostname) []:NginxTest Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:입력 An optional company name []:입력
5. crt 파일 생성
$ openssl x509 -req -days 365 -in jeeg.csr -signkey jeeg.key -out jeeg.crt Signature ok subject=/C=KR/ST=Korea/L=Seoul/O=sarc/OU=sarc/CN=NginxTest Getting Private key
6. nginx.conf 수정 (SSL 설정 추가)
server { listen 443; server_name NginxTest; ssl on; ssl_certificate /app/nginx-1.13.1/cert/jeeg.crt; ssl_certificate_key /app/nginx-1.13.1/cert/jeeg.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_prefer_server_ciphers on; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; }
7. 바이너리 확인
$ ./nginx -V nginx version: nginx/1.13.1 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/app/nginx-1.13.1 --with-http_ssl_module
8.