1、安装升级openssl
2、创建ssl证书,并配置到nginx服务器
代码:
listen 443 ssl;
#listen [::]:80 default_server ipv6only=on;
server_name xxxxx.com;
index index.php;
root /home/www/;
ssl on;
ssl_certificate /usr/local/nginx/ssl/server.crt;
ssl_certificate_key /usr/local/nginx/ssl/server.key;
openssl genrsa -des3 -out private.key 2048 //生成私钥
openssl req -new -key private.key -out server.csr //生成证书请求,Common Nam为服务器域名
openssl rsa -in private.key -out server.key //生成服务器的私钥,去除密钥口令
openssl x509 -req -in server.csr -out server.crt -outform pem -signkey server.key -days 3650 //使用私钥为证书请求签名,生成给服务器签署的证书,格式是x509的PEM格式
sudo openssl x509 -req -in server.csr -out server.crt -signkey server.key -days 3650
nginx配置如下:
listen 80 default_server;
listen 443 ssl;
#listen [::]:80 default_server ipv6only=on;
server_name xxxxx.com;
index index.php;
root /home/www/;
ssl on;
ssl_certificate /usr/local/nginx/ssl/server.crt;
ssl_certificate_key /usr/local/nginx/ssl/server.key;