背景：公司安排安装了一款开源的知识库，配置完成后是IP+端口的形式访问，现在需要安装nginx并配置ssl证书，实现https访问，最后在公司DNS服务器上，对应证书域名下新建主机，将自定义的域名指向此知识库的IP。

解决方法如下：

1、编译安装nginx，并加载ssl模块
下载nginx源码包，编译安装
./configure --prefix=/etc/nginx --with-http_stub_status_module --with-http_ssl_module
make && make install
如果是第一次没装ssl模块，补充编译的，则只需要执行make即可。
本次我是第一次没装的情况，所以执行make后，需要手动更换nginx
执行完make后，编译目录下会生成objs目录，将其中的nginx与当前的做一下替换，如下：
[root@localhost nginx-1.25.4]# ll
total 828
drwxr-xr-x. 6  502 games   4096 Mar 27 10:56 auto
-rw-r--r--. 1  502 games 326027 Feb 15  2024 CHANGES
-rw-r--r--. 1  502 games 498741 Feb 15  2024 CHANGES.ru
drwxr-xr-x. 2  502 games    168 Mar 27 10:56 conf
-rwxr-xr-x. 1  502 games   2611 Feb 15  2024 configure
drwxr-xr-x. 4  502 games     72 Mar 27 10:56 contrib
drwxr-xr-x. 2  502 games     40 Mar 27 10:56 html
-rw-r--r--. 1  502 games   1397 Feb 15  2024 LICENSE
-rw-r--r--. 1 root root     414 Mar 27 13:56 Makefile
drwxr-xr-x. 2  502 games     21 Mar 27 10:56 man
drwxr-xr-x. 4 root root     187 Mar 27 13:57 objs
-rw-r--r--. 1  502 games     49 Feb 15  2024 README
drwxr-xr-x. 9  502 games     91 Feb 15  2024 src
[root@localhost nginx-1.25.4]# mv /etc/nginx/sbin/nginx /etc/nginx/sbin/nginx.bak
[root@localhost nginx-1.25.4]# cp objs/nginx /etc/nginx/sbin/
[root@localhost nginx-1.25.4]# /etc/nginx/sbin/nginx -V
nginx version: nginx/1.25.4
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --with-http_stub_status_module --with-http_ssl_module
查看版本可以看到nginx加载ssl模块成功
2、编辑nginx.conf
[root@localhost nginx-1.25.4]# cat /etc/nginx/conf/nginx.conf #只改动最下方https的server部分即可
#user  nobody;
worker_processes  1;#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;#pid        logs/nginx.pid;events {worker_connections  1024;
}http {include       mime.types;default_type  application/octet-stream;#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '#                  '$status $body_bytes_sent "$http_referer" '#                  '"$http_user_agent" "$http_x_forwarded_for"';#access_log  logs/access.log  main;sendfile        on;#tcp_nopush     on;#keepalive_timeout  0;keepalive_timeout  65;#gzip  on;server {listen       80;server_name  localhost;#charset koi8-r;#access_log  logs/host.access.log  main;location / {root   html;index  index.html index.htm;}#error_page  404              /404.html;# redirect server error pages to the static page /50x.html#error_page   500 502 503 504  /50x.html;location = /50x.html {root   html;}# proxy the PHP scripts to Apache listening on 127.0.0.1:80##location ~ \.php$ {#    proxy_pass   http://127.0.0.1;#}# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000##location ~ \.php$ {#    root           html;#    fastcgi_pass   127.0.0.1:9000;#    fastcgi_index  index.php;#    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;#    include        fastcgi_params;#}# deny access to .htaccess files, if Apache's document root# concurs with nginx's one##location ~ /\.ht {#    deny  all;#}}# another virtual host using mix of IP-, name-, and port-based configuration##server {#    listen       8000;#    listen       somename:8080;#    server_name  somename  alias  another.alias;#    location / {#        root   html;#        index  index.html index.htm;#    }#}# HTTPS serverserver {listen       443 ssl;server_name  localhost;ssl_certificate      /etc/nginx/ssl/Nginx/STAR_hymson_com_integrated.crt;ssl_certificate_key  /etc/nginx/ssl/Nginx/STAR_hymson_com.key;ssl_session_cache    shared:SSL:1m;ssl_session_timeout  5m;ssl_ciphers  HIGH:!aNULL:!MD5;ssl_prefer_server_ciphers  on;location / {# root   html;# index  index.html index.htm;proxy_pass http://10.10.81.15:10086;}}
}

保存退出，重启nginx

之后再去DNS服务器上新建一个自定义的域名，并且将他指向此IP，之后网页访问就是安全连接了