nginx配置https

1.1检查Nginx的SSL模块是否安装

[root@web-node1~]# /application/nginx/sbin/nginx -V
nginx version: nginx/1.6.3
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC)
TLS SNI support enabled
configure arguments: –prefix=/application/nginx-1.6.3 –user=nginx –group=nginx –with-http_ssl_module –with-http_stub_status_module
1.2准备私钥和证书

1.2.1创建服务器私钥

[root@web-node1~]# cd /application/nginx/conf/
[root@web-node1 conf]# mkdir key
[root@web-node1 conf]# cd key/
[root@web-node1 key]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
..++++++
…++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying – Enter pass phrase for server.key:
1.2.2签发证书

[root@web-node1 key]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:TEST
Organizational Unit Name (eg, section) []:TEST
Common Name (eg, your name or your server’s hostname) []:TEST
Email Address []:test@test.com

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
1.2.3删除服务器私钥口令

[root@web-node1 key]# cp server.key server.key.ori
[root@web-node1 key]# openssl rsa -in server.key.ori -out server.key
Enter pass phrase for server.key.ori:
writing RSA key
1.2.4生成使用签名请求证书和私钥生成自签证书

[root@web-node1 key]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=BJ/L=BJ/O=SDU/OU=SA/CN=XuBuSi/emailAddress=xubusi@xuliangwei.com
Getting Private key
1.3开启Nginx SSL

[root@web-node1 ~]# cat /application/nginx/conf/vhosts/www.conf
server {
server_nameblog.xuliangwei.com;
#listen 80;
listen 443;
ssl on;
ssl_certificate key/server.crt;
ssl_certificate_key key/server.key;

location / {
roothtml/blog;
index index.php index.html index.htm;
access_log /app/logs/blog.xuliangwei.log main;
}
}
1.3.1重启nginx生效

[root@web-node1 ~]# /application/nginx/sbin/nginx -s reload
[root@web-node1 ~]# netstat -lntup|grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1711/nginx

打赏