Installing the latest version of Nginx (mainline) on Amazon Linux
Purpose
Configuration
/etc/yum.repos.d/nginx.repo
# Packages and the signing key are fetched over HTTPS so that the key
# used by gpgcheck cannot be replaced in transit.
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/mainline/centos/6/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key

[nginx-source]
name=nginx source
baseurl=https://nginx.org/packages/mainline/centos/6/SRPMS/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
# yum --disablerepo=amzn-main --disablerepo=amzn-updates install nginx
(snip)
Installed:
nginx.x86_64 0:1.13.5-1.el6.ngx
Complete!
# yum install yum-cron
(snip)
Installed:
yum-cron.noarch 0:3.4.3-150.70.amzn1
Dependency Installed:
yum-cron-daily.noarch 0:3.4.3-150.70.amzn1
Complete!
# cp --backup=number -f /etc/yum/yum-cron.conf /etc/yum/yum-cron.conf
/etc/yum/yum-cron.conf
# diff yum-cron.conf yum-cron.conf.~1~
20c20
< apply_updates = yes
---
> apply_updates = no
/etc/nginx/nginx.conf
# cp --backup=number -f /etc/nginx/nginx.conf /etc/nginx/nginx.conf
# diff nginx.conf nginx.conf.~1~
3c3
< worker_processes auto;
---
> worker_processes 1;
32,33d31
<
< server_tokens off;
# yum install httpd-tools
# htpasswd -c -m /etc/nginx/.htpasswd <username>
New password:
Re-type new password:
Adding password for user <username>
/etc/nginx/conf.d/default.conf
server {
    listen 80;
    server_name <xxxx>.com;

    #charset koi8-r;
    #access_log /var/log/nginx/host.access.log main;

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        auth_basic "enter password";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
(snip)
Verification
HTTPS support
$ sudo make <xxxx>-server.key
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > <xxxx>-server.key
Generating RSA private key, 2048 bit long modulus
..............................................................................+++
................+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
# openssl rsa -in <xxxx>-server.key -out <xxxx>-server.nopass.key
# chmod 400 <xxxx>-server.nopass.key
$ sudo make <xxxx>-server.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key <xxxx>-server.key -out <xxxx>-server.csr
Enter pass phrase for <xxxx>-server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:<xxxx>-ku
Organization Name (eg, company) [Default Company Ltd]:<xxxx> Co., Ltd
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:<secondlevel-domain>.com
Email Address []:<xxxx>@<xxxx>.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Certificate configuration
/etc/nginx/conf.d/default.conf
server {
    listen 443 ssl;
    server_name <xxxx>.com;

    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_certificate /etc/pki/tls/certs/<xxxx>-server.crt;
    ssl_certificate_key /etc/pki/tls/certs/<xxxx>-server.nopass.key;

    root /usr/share/nginx/html;

    #charset koi8-r;
    #access_log /var/log/nginx/host.access.log main;

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        auth_basic "enter password";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
(snip)
server {
    listen 80;
    return 301 https://$host$request_uri; #redirect
}

server {
    listen 443 ssl;
    add_header Strict-Transport-Security max-age=15768000; #HTTP Strict Transport Security
    server_name <xxxx>.com;

    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_certificate /etc/pki/tls/certs/<xxxx>-server.crt;
    ssl_certificate_key /etc/pki/tls/certs/<xxxx>-server.nopass.key;

    root /usr/share/nginx/html;

    #charset koi8-r;
    #access_log /var/log/nginx/host.access.log main;

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        #auth_basic "enter password";
        #auth_basic_user_file /etc/nginx/.htpasswd;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
(snip)
/etc/nginx/nginx.conf
(snip)
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format https '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"'
                     '"$ssl_protocol/$ssl_cipher"';

    access_log /var/log/nginx/access.log https;
(snip)
}
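Added example (not part of the original article): a shell/awk summary of the TLS versions recorded by the `https` log_format above, plus a list of clients still negotiating anything below TLSv1.2, which the `ssl_protocols` line on this page still permits. The sample log lines are constructed, the function names are hypothetical, and it assumes nginx writes `-` for the empty SSL variables on plain-HTTP requests.

```shell
#!/bin/sh
# Constructed sample lines in the page's "https" log_format. There is no space
# between "$http_x_forwarded_for" and "$ssl_protocol/$ssl_cipher" in that format,
# so the last two quoted fields are adjacent ("-""TLSv1.2/...").
sample_log() {
cat <<'EOF'
203.0.113.10 - - [01/Oct/2017:10:00:00 +0900] "GET / HTTP/1.1" 200 612 "-" "curl/7.53.1" "-""TLSv1.2/ECDHE-RSA-AES128-GCM-SHA256"
203.0.113.11 - alice [01/Oct/2017:10:00:05 +0900] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0" "-""TLSv1.2/ECDHE-RSA-AES256-GCM-SHA384"
198.51.100.7 - - [01/Oct/2017:10:01:00 +0900] "GET / HTTP/1.1" 200 612 "-" "OldClient/1.0" "-""TLSv1.1/AES128-SHA"
198.51.100.8 - - [01/Oct/2017:10:02:00 +0900] "GET / HTTP/1.1" 301 185 "-" "curl/7.53.1" "-""-/-"
EOF
}

# Print "<count> <protocol>" per negotiated protocol, most frequent first.
# Requests without a TLS protocol (port 80) are counted as "plain-http".
tls_protocol_counts() {
  awk '{
    # The final quoted field is "$ssl_protocol/$ssl_cipher".
    if (match($0, /"[^"]*"$/)) {
      f = substr($0, RSTART + 1, RLENGTH - 2)
      split(f, p, "/")
      proto = (p[1] ~ /^(TLS|SSL)v/) ? p[1] : "plain-http"
      n[proto]++
    }
  } END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Print "<client address> <protocol/cipher>" for every request below TLSv1.2.
legacy_tls_clients() {
  awk '{
    if (match($0, /"[^"]*"$/)) {
      f = substr($0, RSTART + 1, RLENGTH - 2)
      if (f ~ "^(SSLv|TLSv1/|TLSv1\\.1/)") print $1, f
    }
  }'
}

sample_log | tls_protocol_counts
sample_log | legacy_tls_clients
```

On a live host, feed `/var/log/nginx/access.log` to the two functions instead of `sample_log`.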
Speeding up HTTPS
server {
    listen 80;
    return 301 https://$host$request_uri; #redirect
}

server {
    listen 443 ssl;
    add_header Strict-Transport-Security max-age=15768000; #HTTP Strict Transport Security
    server_name <xxxx>.com;

    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_certificate /etc/pki/tls/certs/<xxxx>-server.crt;
    ssl_certificate_key /etc/pki/tls/certs/<xxxx>-server.nopass.key;

    root /usr/share/nginx/html;

    ssl_session_timeout 1d; #1day
    ssl_session_cache shared:SSL:50m; #1m=4000session

    #charset koi8-r;
    #access_log /var/log/nginx/host.access.log main;

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        #auth_basic "enter password";
        #auth_basic_user_file /etc/nginx/.htpasswd;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
Measurement
Reference
Original article (Installing the latest version of Nginx (mainline) on Amazon Linux): https://qiita.com/ldr/items/df81976713c28d3af4ae
The text may be freely shared or copied, provided this URL is kept as the reference URL.