打铁趁热,上篇写了tomcat配置https,现在是nginx的。说实话,nginx配置https也不会,但是公司有需求,没办法,效率是低了点,被喷也是。。。无情啊。
官网文档:http://nginx.org/en/docs/http/configuring_https_servers.html
这个其实也是在网上找的,感谢各位网友提供的资料,但是确实是忘了保存原url了,求原谅。有问题请留言,一起讨论^_^
前提:
1.安装了openssl&&openssl-devel
yum -y install openssl openssl-devel
2.nginx加载了–with-http_ssl_module模块,如果没有加载可以重新编译加载
/opt/nginx/sbin/nginx -V #查看nginx的模块
##如果没有则重新编译
cd /home/download/nginx
./configure --prefix=/opt/nginx --with-http_ssl_module
make && make install
配置
生成证书
cd /opt/nginx/conf
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl rsa -in server.key -out server.pem
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
修改nginx.conf,加载ssl证书
vim /opt/nginx/conf/nginx.conf
server {
listen 443 ssl;
ssl on;
ssl_certificate /opt/nginx/conf/server.crt;
ssl_certificate_key /opt/nginx/conf/server.key;
fastcgi_param HTTPS $https if_not_empty; #有https协议时自动使用https,否则忽略这个参数。
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
}