前端之家收集整理的这篇文章主要介绍了
Centos下nginx支持https协议,
前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
1、首先配置Nginx及其他插件,这个Google下,很多配置方案。
2、配置服务器的证书。操作步骤如下:
[root@localhost~]#cd/etc/pki/tls/certs
[root@localhostcerts]#makeserver.key
umask77;\
/usr/bin/opensslgenrsa-aes1282048>server.key
GeneratingRSAprivatekey,2048bitlongmodulus
......................................................++++++
.............++++++
eis61251(0x10001)
Enterpassphrase:#setpassphrase
Verifying-Enterpassphrase:#confirm
#removepassphrasefromprivatekey
[root@localhostcerts]#opensslrsa-inserver.key-outserver.key
Enterpassphraseforserver.key:#inputpassphrase
writingRSAkey
[root@localhostcerts]#
[root@localhostcerts]#makeserver.csr
umask77;\
/usr/bin/opensslreq-utf8-new-keyserver.key-outserver.csr
Youareabouttobeaskedtoenterinformationthatwillbeincorporated
intoyourcertificaterequest.
WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN.
Therearequiteafewfieldsbutyoucanleavesomeblank
Forsomefieldstherewillbeadefaultvalue,Ifyouenter'.',thefieldwillbeleftblank.
-----
CountryName(2lettercode)[XX]:CN#country
StateorProvinceName(fullname)[e]:Beijing#state
LocalityName(eg,city)[DefaultCity]:Beijing#city
OrganizationName(eg,company)[DefaultCompanyLtd]:Test#company
OrganizationalUnitName(eg,section)[]:TestHaha#department
CommonName(eg,yourserver'shostname)[]:www.test.com#server'sFQDN
EmailAddress[]:admin@test.com#emailaddress
Pleaseenterthefollowing'extra'attributes
tobesentwithyourcertificaterequest
Achallengepassword[]:#Enter
Anoptionalcompanyname[]:#Enter
[root@localhostcerts]#
[root@localhostcerts]#opensslx509-inserver.csr-outserver.crt-req-signkeyserver.key-days3650
Signatureok
subject=/C=CN/ST=Beijing/L=Beijing/O=Test/OU=TestHaha/CN=www.test.com,/emailAddress=admin@test.com
GettingPrivatekey
[root@localhostcerts]#chmod400server.*
3、配置Nginx的conf文件
#server{
#listen80;
#server_namehappy.cc.com;
#rewrite^(.*)$permanent;
#}
server{
listen80;
listen443ssl;
server_namehappy.cc.com;
location/{
root/data/www/cloud;
indexindex.html;
}
sslon;
ssl_certificate/data/webserver/Nginx/conf/server.crt;
ssl_certificate_key/data/webserver/Nginx/conf/server.key;
ssl_session_timeout5m;
ssl_protocolsSSLv3TLSv1;
ssl_ciphersALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_cipherson;
#autoindexon;
location=/favicon.ico{
log_not_foundoff;
access_logoff;
}
location~\.PHP${
root/data/www/cloud;
fastcgi_passunix:/tmp/php-cgi.sock;
#fastcgi_pass127.0.0.1:9000;
fastcgi_indexindex.PHP;
fastcgi_paramSCRIPT_FILENAME/data/www/cloud$fastcgi_script_name;
includefastcgi_params;
}
location~.*\.(gif|jpg|jpeg|png|bmp|swf)\$
{
expires30d;
}
location~.*\.(js|css)?\$
{
expires1h;
}
access_log/data/log/Nginx/happy.access.logaccess;
error_log/data/log/Nginx/happy.error.logwarn;
}
4、打开iptables的443端口 原文链接:https://www.f2er.com/centos/381694.html
