安装openssl nginx开启tsl1.3
yum install -y gcc gcc-c++ perl pcre-devel openssl openssl-devel
cd /soft/bak
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
tar zxvf openssl-1.1.1g.tar.gz
mv openssl-1.1.1g /soft/openssl
cd /soft/openssl
./config
make && make install
ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/
openssl version
安装ngx_brotli
cd /soft
git clone https://github.com/google/ngx_brotli.git
cd /soft/ngx_brotli
git submodule update --init
安装nginx
官方安装方法
安装TSL1.3 泛域名证书
分别为每个域名手工生成证书certbot certonly --nginx --nginx-server-root=/soft/nginx/conf
尽量保证页面中全部连接使用https 例如js/css等 否则在监控台和地址栏证书位置可能会报错
-j2表示两个线程并行 提高编译效率 但是对makefile文件有要求 必须依赖关系明确 否则某一线程会找不到依赖
cd /soft/bak
wget http://nginx.org/download/nginx-1.18.0.tar.gz
tar -zxvf nginx-1.18.0.tar.gz
cd /soft/bak/nginx-1.18.0
./configure --prefix=/soft/nginx \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-http_v2_module \
--with-file-aio \
--with-http_realip_module \
--with-http_ssl_module \
--with-openssl=/soft/openssl \
--with-openssl-opt=enable-tls1_3 \
--add-module=/soft/ngx_brotli
make -j2&& make install
mv /www/conf.d /soft/nginx/web
vi /etc/profile
export PATH=$PATH:/soft/nginx/sbin
source /etc/profile