Centos下nginx支持https协议

时间:2016-07-12 01:23来源:blog.51cto.com 作者:极速前行 的BLOG 举报 点击:
1、首先配置nginx及其他插件,这个Google下,很多配置方案。
2、配置服务器的证书。操作步骤如下:
[root@localhost ~]# cd /etc/pki/tls/certs 
[root@localhost certs]# make server.key 
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
......................................................++++++
.............++++++
e is 61251 (0x10001)
Enter pass phrase:# set passphrase
Verifying - Enter pass phrase:# confirm
# remove passphrase from private key
[root@localhost certs]# openssl rsa -in server.key -out server.key 
Enter pass phrase for server.key:# input passphrase
writing RSA key
[root@localhost certs]#
[root@localhost certs]# make server.csr 
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN #country
State or Province Name (full name) [e]:Beijing   #state
Locality Name (eg, city) [Default City]:Beijing  #city
Organization Name (eg, company) [Default Company Ltd]:Test   #company
Organizational Unit Name (eg, section) []:Test Haha   #department
Common Name (eg, your server's hostname) []:www.test.com   #server's FQDN
Email Address []:admin@test.com # email address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:# Enter
An optional company name []:# Enter
[root@localhost certs]#
[root@localhost certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=Test/OU=Test Haha/CN=www.test.com,/emailAddress=admin@test.com 
Getting Private key
[root@localhost certs]# chmod 400 server.*
3、配置nginx的conf文件
#server {
#       listen 80;
#       server_name happy.cc.com;
#       rewrite ^(.*)$  permanent;
#      }
server {
       listen 80;
       listen 443 ssl;
       server_name happy.cc.com;
       location / {
       root   /data/www/cloud;
       index  index.html;                                                                                                                                                                                                                   
       }
       ssl on;
       ssl_certificate /data/webserver/nginx/conf/server.crt;
       ssl_certificate_key /data/webserver/nginx/conf/server.key;
       ssl_session_timeout 5m;
       ssl_protocols  SSLv3 TLSv1;
       ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
       ssl_prefer_server_ciphers   on;
       #autoindex on;
       location = /favicon.ico {
       log_not_found off;
       access_log off;
       }
       location ~ \.php$ {
       root           /data/www/cloud;
       fastcgi_pass   unix:/tmp/php-cgi.sock;
       #fastcgi_pass   127.0.0.1:9000;
       fastcgi_index  index.php;
       fastcgi_param  SCRIPT_FILENAME  /data/www/cloud$fastcgi_script_name;
       include        fastcgi_params;
       }
       location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)\$
       {
       expires 30d;
       }
       location ~ .*\.(js|css)?\$
       {
       expires 1h;
       }
      access_log /data/log/nginx/happy.access.log access;
      error_log /data/log/nginx/happy.error.log warn;
     }
4、打开iptables的443端口
------分隔线----------------------------
发表评论
为了和诣的生活,我关闭了评论页面,请大家到QQ群里交流吧:348944156,也欢迎关注本站微信公众号:centoscn
推荐内容