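Install OpenSSL
yum install gcc gcc-c++ openssl openssl-devel
Generate a self-signed certificate
# Generate a 2048-bit RSA private key, encrypted with IDEA (prompts for a passphrase)
openssl genrsa -idea -out server.key 2048
# Generate the self-signed certificate; -nodes leaves the private key without a passphrase.
# -newkey creates a fresh RSA key and -keyout overwrites the server.key written by the previous command.
# -days 36500 makes the certificate valid for roughly 100 years.
openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt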
Example:
Country Name: country (CN)
State or Province Name: province (LiaoNing)
Locality Name (eg, city): city (ShenYang)
Organization Name (eg, company): company (xxx company)
Organizational Unit Name: organizational unit (xxx department)
Common Name (eg, your name or your server's hostname): domain name (url.http.com)
Email Address: email address (xxx@gmail.com)
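Configure the nginx virtual host:
worker_processes auto;
http {
    ...
    server {
        listen 443 ssl;
        keepalive_timeout 70;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996); add TLSv1.3 where nginx and OpenSSL support it
        ssl_protocols TLSv1.2;
        # RC4, 3DES and MD5 suites are broken or weak; offer only AEAD suites with forward secrecy
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
        # Paths to the certificate and its private key
        ssl_certificate /usr/local/nginx/conf/cert.pem;
        ssl_certificate_key /usr/local/nginx/conf/cert.key;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        ...
    }
}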
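Redirect port 80 to port 443
server {
    listen 80;
    server_name url.http.com;
    # Method 1
    #rewrite ^(.*)$ https://$host$1 redirect;
    # Method 2
    return 302 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name url.http.com;
    keepalive_timeout 60;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); add TLSv1.3 where nginx and OpenSSL support it
    ssl_protocols TLSv1.2;
    # RC4, 3DES and MD5 suites are broken or weak; offer only AEAD suites with forward secrecy
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    # The server.crt written by the openssl req step is already PEM-encoded; copy it to this path
    ssl_certificate /usr/local/nginx/conf/server.pem;
    ssl_certificate_key /usr/local/nginx/conf/server.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ...
}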
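The ssl_protocols and ssl_ciphers directives decide which protocol versions and cipher suites the server will negotiate. As an added example (not part of the original notes), this shell function scans an nginx configuration for deprecated protocol versions and weak cipher names. The function names and the sample config are constructed for illustration, and the check assumes each directive sits on one line with a colon-separated cipher list.

```shell
#!/bin/sh
# Added example (not from the original notes): flag deprecated TLS protocol
# versions and weak cipher names in nginx ssl_protocols / ssl_ciphers lines.

# tls_findings FILE -> prints "<line>:<directive>:<bad value>" per finding.
tls_findings() {
    awk '
    # Skip comment lines so commented-out directives are not reported.
    /^[ \t]*#/ { next }
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            v = $i; sub(/;.*$/, "", v)
            if (v == "SSLv2" || v == "SSLv3" || v == "TLSv1" || v == "TLSv1.1")
                print NR ":ssl_protocols:" v
        }
    }
    $1 == "ssl_ciphers" {
        # Drop quotes and the trailing semicolon, keep cipher-string characters.
        list = $2; gsub(/[^A-Za-z0-9:!+@=_.-]/, "", list)
        n = split(list, c, ":")
        for (i = 1; i <= n; i++) {
            # Entries starting with "!" exclude a cipher, so they are fine.
            if (c[i] ~ /^!/) continue
            if (c[i] ~ /RC4|3DES|DES-CBC|MD5|NULL|EXP/)
                print NR ":ssl_ciphers:" c[i]
        }
    }' "$1"
}

# Constructed sample config for the demonstration.
sample_conf() {
    cat <<'EOF'
server {
    listen 443 ssl;
    # ssl_protocols SSLv3;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AES128-SHA:RC4-SHA:DES-CBC3-SHA:!MD5;
}
EOF
}

demo_file=$(mktemp)
sample_conf > "$demo_file"
tls_findings "$demo_file"
rm -f "$demo_file"
```

Run tls_findings against the real nginx.conf and any included files before reloading nginx; empty output means none of the listed names were found.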