本文转自我的博客,转载请申明地址:http://www.heartlifes.com/archives/12/
首先,nginx在编译安装时得安装ssl模块 上传ssl证书到服务器/usr/local/nginx/ssl/xxx.pfx
生成证书crt可key
<pre><code>openssl pkcs12 -in /usr/local/nginx/ssl/xxx.pfx -clcerts -nokeys -out /usr/local/nginx/ssl/xxx.crt openssl pkcs12 -in /usr/local/nginx/ssl/xxx.pfx -nocerts -nodes -out /usr/local/nginx/ssl/xxx.rsa </code></pre>
验证证书正确性
<pre><code>openssl s_server -www -accept 443 -cert /usr/local/nginx/ssl/xxx.crt -key /usr/local/nginx/ssl/xxx.rsa</code></pre>
配置nginx
<pre><code>server { listen 443; server_name localhost; ssl on; ssl_certificate /usr/local/nginx/ssl/xxx.crt; ssl_certificate_key /usr/local/nginx/ssl/xxx.rsa; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on; location ~ /api/(.*) { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Ssl on; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://serverAPI; } }</code></pre>