HTTPS相对于HTTP提供了更高级别的数据保护和安全性,尤其适合处理敏感信息如个人数据、支付信息等,而HTTP则更适合对安全性要求不高的普通网页浏览。随着网络安全意识的提升和搜索引擎的推动,HTTPS正逐渐成为网络通信的标准。
配置自签证书
openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /usr/local/ssl/nginx.key -out /usr/local/ssl/nginx.crt
# openssl req生成证书
# -x509 输出 x509 结构而不是证书。
# -nodes 不加密输出密钥
# -days -x509 生成的证书的有效天数。
# -newkey rsa:2048 生成大小为"位"的新 RSA 密钥
# -keyout 要将密钥发送到的文件
# -out 输出文件#创建证书存放目录
mkdir /usr/local/ssl
#创建证书文件
openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /usr/local/ssl/nginx.key -out /usr/local/ssl/nginx.crt
Generating a 2048 bit RSA private key
....+++
.........+++
writing new private key to '/usr/local/ssl/nginx.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HN
Locality Name (eg, city) [Default City]:Zheng Zhou
Organization Name (eg, company) [Default Company Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:www.test.com
Email Address []:.
#输入错误摁Ctrl+c之后重新执行这条命令即可
[root@localhost ~]# ls /usr/local/ssl/
nginx.crt nginx.key
Nginx配置
#编译安装nginx
#上传nginx-1.12.2.tar.gz安装包
yum -y install openssl openssl-devel make zlib-devel gcc gcc-c++ libtoo
useradd -M -s/sbin/nologin nginx
tar zxf nginx-1.12.2.tar.gz
cd nginx-1.12.2
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make && make install
#添加软链接方便启动
ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
ls -l /usr/local/sbin/nginx编辑配置文件
vim /usr/local/nginx/conf/nginx.conf
server {
listen 443 ssl;
server_name www.text.com;
ssl_certificate /usr/local/ssl/nginx.crt;
ssl_certificate_key /usr/local/ssl/nginx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
server_tokens off;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
location / {
root /usr/local/nginx/html;
index index.html index.htm;
}
}
server {
listen 80;
server_name www.test.com;
rewrite ^/(.*)$ https://www.test.com/$1 permanent;
location / {
root /usr/local/nginx/html;
index index.html index.htm;
}
#添加或修改server段
# rewrite ^/(.*)$ https://www.test.com/$1 permanent;重写规则,如果有人访问http就会自动重写到https
#检查配置文件是否出错
nginx -t
#启动nginx
nginx
#停止nginx
nginx -s stop
#重新启动nginx
nginx -s reload
我这边修改了一个,也可以直接全部复制上。
启动之后可以访问验证一下
需要在验证客户机做域名解析
echo '192.168.10.51 www.test.com' >> /etc/hosts
cat /etc/hosts因为是自签证书,所以不被浏览器认可就会弹出风险提示
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
