生成ssl证书
1.需要安装的软件
yum install openssl
yum install openssl-devel
2.创建证书目录
mkdir /usr/local/ssk
cd /usr/local/ssk
3.创建本地私有秘钥
openssl genrsa -out ssl.key 2048
4.输入信息
openssl req -new -key ssl.key -out ssl.csr
5.创建crt证书
openssl x509 -req -days 1460 -in ssl.csr -signkey ssl.key -out ssl.crt
6.创建pem证书
openssl dhparam -out ssl.pem 2048
安装nginx
1.安装
## 解压
tar -zxvf nginx-1.9.9.tar.gz
##进入nginx目录
cd nginx-1.9.9
## 配置 需配置ssl模块 --with-http_ssl_module 其他模块看自己需求
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_sub_module --with-http_ssl_module
# make
make
make install
2.配置
#################
server {
listen 8080;
server_name 192.168.35.130;
rewrite ^ https://$server_name$request_uri? permanent;
}
#################
server {
listen 443 ssl;
server_name 192.168.35.130;
ssl_certificate /prouser/ssk/ssl.crt;
ssl_certificate_key /prouser/ssk/ssl.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
3.启动
cd /usr/local/nginx/sbin
./nginx
访问
192.168.35.130:8080