#生成密钥和自签名证书(本文步骤生成的是自签名证书,并非由CA签发的证书)
#
#1.检查是否安装openssl
#openssl version
#2.确认nginx是否有http_ssl_module
#--with-http_ssl_module
#nginx -V   (大写V才会输出configure参数;小写 -v 只显示版本号)
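#3.生成key密钥
#openssl genrsa -idea -out cyw.key 1024
#注意: 1024位RSA密钥强度已不足,实际使用建议至少2048位(参见下文的 rsa:2048)
#注意: -idea 表示用IDEA算法和口令加密私钥文件;IDEA属于旧算法,较新的OpenSSL可能默认不支持,可改用 -aes256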
#4.生成证书签名请求文件(csr文件)
#openssl req -new -key cyw.key -out cyw.csr
#5.生成自签名证书(crt文件;-signkey 表示用自己的私钥签名,并非由CA签发,浏览器默认不信任)
#openssl x509 -req -days 3650 -in cyw.csr -signkey cyw.key -out cyw.crt
#配置语法
Syntax: ssl on|off;
Default : ssl off
Context:http,server
#注意: ssl 指令自 nginx 1.15.0 起已废弃,并在 1.25.1 中移除;新版本应改用 listen 的 ssl 参数,例如 listen 443 ssl;
Syntax: ssl_certificate file;
Default : ——
Context:http,server
Syntax: ssl_certificate_key file;
Default : ——
Context:http,server
#例
#server
# {
# listen 443;
# server_name chen.server.io;
# ssl on;
# ssl_certificate /etc/nginx/ssl_key/cyw.crt;
# ssl_certificate_key /etc/nginx/ssl_key/cyw.key;
#
# index index.html index.htm;
# location / {
# root /opt/app/code;
# }
#}
#其他
#查看证书使用的算法等信息
#openssl x509 -noout -text -in ./chenyaowu.crt
#生成新的2048位RSA密钥,并签发指定签名算法(此处为sha256)的自签名crt证书;-nodes 表示私钥不加密保存
#openssl req -days 3650 -x509 -sha256 -nodes -newkey rsa:2048 -keyout chenyaowu.key -out chenyaowu.crt
#去除私钥的保护码(口令)
#openssl rsa -in ./chenyaowu.key -out ./cyw_nopass.key
#注意: 去除保护码后私钥以明文保存,应限制文件权限(例如 chmod 600),仅允许root读取
#服务优化
#1、激活keepalive长连接
#2.设置ssl session缓存
#例
#server
# {
# listen 443;
# server_name chen.server.io;
# keepalive_timeout 100;
# ssl_session_cache shared:SSL:10m;
# ssl_session_timeout 10m;
#
# ssl on;
# ssl_certificate /etc/nginx/ssl_key/cyw.crt;
# ssl_certificate_key /etc/nginx/ssl_key/cyw.key;
#
# index index.html index.htm;
# location / {
# root /opt/app/code;
# }
#}