Nginx配置https访问
证书生成
生成server key
openssl genrsa -des3 -out server.key 2048
创建签名请求
openssl req -new -key server.key -out server.csr
创建签名证书
openssl req -new -x509 -key server.key -out ca.crt -days 3650
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey server.key -CAcreateserial -out server.crt
配置nginx
如果删除了key的密码,只需要这样配置
server {
listen 1111;
server_name 1.1.1.1;
# SSL config
ssl_certificate /etc/security/cacert/server.crt;
ssl_certificate_key /etc/security/cacert/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location XXX {
XXX
}
}
如果是通过上面的步骤生成的证书,需要再把ssl key的密码写到一个文件,然后配置ssl_password_file /etc/security/cacert/password;