CentOS7编译安装Nginx使其支持TLS1.3-工具盒子

Nginx最新的稳定版已经默认支持TLS1.3协议了，唯一值得注意的就是openssl的版本支持，如果你不想编译，建议使用wlnmp提供的源，一键yum安装Nginx，仅需要3步就可以搞定了。

yum直接安装方式：
yum install epel-release rpm -ivh http://mirrors.wlnmp.com/centos/wlnmp-release-centos.noarch.rpm yum install wnginx

|-------|----------------------------------------------------------------------------------------------------------------------| | 1 2 3 | yum install epel-release rpm -ivh http://mirrors.wlnmp.com/centos/wlnmp-release-centos.noarch.rpm yum install wnginx |

编译安装方式：

1、安装所需依赖
yum install wget gcc gcc-c++ pcre pcre-devel openssl openssl-devel zlib zlib-devel perl-core

|---|----------------------------------------------------------------------------------------------| | 1 | yum install wget gcc gcc-c++ pcre pcre-devel openssl openssl-devel zlib zlib-devel perl-core |

2、下载Nginx
cd /usr/local/src wget http://nginx.org/download/nginx-1.16.1.tar.gz tar xf nginx-1.16.1.tar.gz

|-------|-------------------------------------------------------------------------------------------------| | 1 2 3 | cd /usr/local/src wget http://nginx.org/download/nginx-1.16.1.tar.gz tar xf nginx-1.16.1.tar.gz |

3、下载openssl
cd /usr/local/src/nginx-1.16.1 wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz tar xf openssl-1.1.1d.tar.gz

|-------|-----------------------------------------------------------------------------------------------------------------------| | 1 2 3 | cd /usr/local/src/nginx-1.16.1 wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz tar xf openssl-1.1.1d.tar.gz |

4、创建nginx启动用户
useradd -s /bin/false -M www

|---|------------------------------| | 1 | useradd -s /bin/false -M www |

5、编译Nginx
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module --with-openssl=openssl-1.1.1d make make install

|-------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1 2 3 | ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_sub_module --with-openssl=openssl-1.1.1d make make install |

6、设置nginx软链接或自行添加环境变量
ln -sv /usr/local/nginx/sbin/nginx /usr/local/sbin/

|---|-----------------------------------------------------| | 1 | ln -sv /usr/local/nginx/sbin/nginx /usr/local/sbin/ |

7、配置nginx服务并设置开机启动
wget -P /etc/init.d/ https://down.whsir.com/downloads/nginx chmod +x /etc/init.d/nginx chkconfig --add nginx chkconfig nginx on

|---------|---------------------------------------------------------------------------------------------------------------------------------| | 1 2 3 4 | wget -P /etc/init.d/ https://down.whsir.com/downloads/nginx chmod +x /etc/init.d/nginx chkconfig --add nginx chkconfig nginx on |

至此nginx已支持TLS1.3，只需要在nginx中配置下TLS1.3即可生效

8、验证

我这里省略了nginx的配置，如果你连ssl都不会配置，你也不会来看TLS1.3。

我这里以谷歌浏览器为例，通过F12，在Security可以看到TLS1.3是生效的。