准备工作
- nginx 1.7.8(高版本可能会出现问题,见参考中的第三个链接中的 issue)
- nginx 模块:ngx_http_google_filter_module
- pcre
- openssl
- ngx_http_substitutions_filter_module
操作
命令操作
cd /www/source_code
# 下载所需工具
wget http://nginx.org/download/nginx-1.7.8.tar.gz
git clone https://github.com/cuber/ngx_http_google_filter_module
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module
wget http://mirrors.linuxeye.com/oneinstack/src/pcre-8.39.tar.gz
wget http://mirrors.linuxeye.com/oneinstack/src/openssl-1.0.2j.tar.gz
# 解包
tar xzf pcre-8.39.tar.gz
tar xzf openssl-1.0.2j.tar.gz
tar xzf nginx-1.7.8.tar.gz
cd nginx-1.7.8
# 编译
./configure --user=www --group=www --prefix=/www/server/nginx --with-openssl=/www/source_code/openssl-1.0.2j --with-pcre=/www/source_code/pcre-8.39 --with-pcre-jit --with-ld-opt=-ljemalloc --add-module=../ngx_http_google_filter_module --add-module=../ngx_http_substitutions_filter_module --with-http_stub_status_module --with-http_ssl_module --with-http_image_filter_module --with-http_gzip_static_module --with-http_gunzip_module --with-ipv6 --with-http_sub_module --with-http_flv_module --with-http_addition_module --with-http_realip_module --with-http_mp4_module --with-ld-opt=-Wl,-E --with-openssl-opt='enable-tls1_3 enable-weak-ssl-ciphers'
make
# 替换已有的版本
cp objs/nginx /usr/bin/nginx
cp objs/nginx /bin/nginx
安装 Let’s Encrypt
调整 nginx 配置文件
server {
listen 443 ssl;
server_name <调整为你的域名>;
ssl_certificate /www/keys/cert.pem;
ssl_certificate_key /www/keys/cert_key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
ssl_ciphers CHACHA20:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
ssl_session_cache builtin:1000 shared:SSL:10m;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
location / {
google on;
google_scholar on;
google_language en;
}
}
server {
listen 80;
server_name <调整为你的域名>;
rewrite ^(.*)$ https://$host$1 permanent;
}
最后重启 nginx
service nginx restart
参考
- https://jszbug.com/nginx-reverse-proxy-google.html
- https://github.com/cuber/ngx_http_google_filter_module
- https://github.com/cuber/ngx_http_google_filter_module/issues/152