参考文章:http://blog.csdn.net/weixin_35884835/article/details/52588157
1.在配置https之前,请先确认是否已经安装openssl
[root@localhost conf]# openssl version -a
出现以下情况,则表示该openssl已经安装,且较为安全(bult在2014之后的)
built on: Tue Sep 27 13:37:25 UTC 2016
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: dynamic
若是未安装openssl,则执行以下命令
[root@localhost conf]# yum install openssl
再次进行升级
[root@localhost conf]# yum install openssl
2.生成证书
进入nginx所在目录
[root@localhost conf]# cd /usr/local/nginx/
创建服务器私钥,按要求填写即可
openssl genrsa -des3 -out server.key 1024
在加载SSL支持的Nginx并使用上述私钥时除去必须的口令
[root@localhost conf]# cp server.key server.key.org
[root@localhost conf]# cp server.key server.key.org
最后标记证书使用上述私钥和CSR
[root@localhost conf]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
3.配置nginx.conf,在http{}中配置即可,
[root@localhost conf]# vim nginx.conf
# # HTTPS server configuration # server { listen 443; server_name 192.168.100.169; # server { listen 443; server_name 192.168.100.169; ssl on; ssl_certificate /usr/local/nginx/server.crt; ssl_certificate_key /usr/local/nginx/server.key; ssl_session_timeout 5m; # ssl_protocols SSLv2 SSLv3 TLSv1; # ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; # ssl_prefer_server_ciphers on; location / { root /data/wwwroot/default; index testssl.html index.html index.htm index.php; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://192.168.100.169/; } location ~ /services/.*$ { if ($server_port ~ "^80$"){ set $rule_0 1$rule_0; } if ($rule_0 = "1"){ rewrite /(.*) https://192.168.100.169/$1 permanent; break; } } }
4.访问https://IP地址(https://192.168.100.169),成功的话,如下图所示:![]()