注意:要实现https,nginx在编译的时候必须编译了–with-http_ssl_module模块
1.配置nginx服务器
[root@server1 ~]# cd /usr/local/nginx/conf/
[root@server1 conf]# vim nginx.conf
108 # HTTPS server
109 #
110 server {
111 listen 443 ssl;
112 server_name www.westos.org; #服务器名称
113
114 ssl_certificate cert.pem;
115 ssl_certificate_key cert.pem; #更改私钥
116
117 ssl_session_cache shared:SSL:1m;
118 ssl_session_timeout 5m;
119
120 ssl_ciphers HIGH:!aNULL:!MD5;
121 ssl_prefer_server_ciphers on;
122
123 location / {
124 root /web; #更改发布目录
125 index index.html index.htm;
126 }
127 }
2.生成自签名证书
[root@server1 conf]# cd /etc/pki/tls/certs/
[root@server1 certs]# make cert.pem
.....
-----
Country Name (2 letter code) [XX]:cn #国家
State or Province Name (full name) []:shannxi #省份
Locality Name (eg, city) [Default City]:xi'an #城市
Organization Name (eg, company) [Default Company Ltd]:westos #机构名称
Organizational Unit Name (eg, section) []:linux #组织单位名称
Common Name (eg, your name or your server's hostname) []:server1 #nginx服务器名称
Email Address []:root@westos.org #邮件地址
[root@server1 certs]# ls
ca-bundle.crt cert.pem Makefile
ca-bundle.trust.crt make-dummy-cert renew-dummy-cert
[root@server1 certs]# cp cert.pem /usr/local/nginx/conf/ #将钥匙复制到配置目录
3.建立发布目录以及测试文件
[root@server1 conf]# mkdir /web
[root@server1 conf]# vim /web/index.html
[root@server1 conf]# cat /web/index.html
https:server1 test
4.启动或重新加载nginx
若nginx以启动则使用命令 nginx -s reload重新加载,若没有启动则直接开启:
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx
5.测试
在客户端写好www.westos.org的解析后,使用浏览器访问https://www.westos.org/:
需要下载密匙才可访问