之前说了如何配置安装nginx,下面说一下给redhat6.5的nginx配置https服务,这里采用对称加密算法。
1、通过ssh连接服务器:
ssh root@192.168.3.223
2、使用cd命令切换到/etc/pki/tls/certs
3、使用如下命令生成密钥文件
make nginx.pem
4、则会进入如下界面:
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > nginx.pem ; \
echo "" >> nginx.pem ; \
cat $PEM2 >> nginx.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
.................+++
..................................+++
writing new private key to '/tmp/openssl.fH3NeF'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
然后按照提示进行地区的设置,以下信息仅供参考:
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:3g
Organizational Unit Name (eg, section) []:mobile
Common Name (eg, your name or your server's hostname) []:server.example.com
Email Address []:root@server.example.com
5、将生成的nginx.pem拷贝到nginx的配置文件目录:
cp ./nginx.pem /usr/local/nginx/conf/
6、切换到nginx的配置文件目录:
cd /usr/local/nginx/conf/
8、在配置文件nginx.config中添加如下信息:
server {
listen 443 ssl;
server_name 192.168.3.223;
ssl_certificate nginx.pem;
ssl_certificate_key nginx.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
9、测试https是否配置成功
nginx -t
若输出如下信息,则配置成功:
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
10.可以在真机上用firefox访问进行测试。
至此,nginx的https模块配置已经完成。