1、生成密钥
openssl genrsa -des3 -out server.key 1024
openssl rsa -in server.key -out server.key
openssl req -new -key server.key -out server.csr
Common Name需要填写域名
openssl req -new -x509 -key server.key -out ca.crt -days 3650
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
server.crt和server.key就是nginx需要的证书文件。
2、配置nginx
server {
listen 443;
server_name www.example.com; // 你的域名
ssl on;
root /var/projectname; // 项目目录
index index.html index.htm;// 上面配置的文件夹里面的index.html
ssl_certificate server.crt;// 证书路径
ssl_certificate_key server.key;//证书路径
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
index index.html index.htm;
}
}
重启nginx生效