Setting up HTTPS in Nginx

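PS: For internal testing, a certificate generated with openssl is used; for production use, a certificate needs to be purchased.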

1. Create the SSL certificate

1.1 Create the private key

[root@VM-16-15-centos ~]# cd /usr/local/nginx/
[root@VM-16-15-centos nginx]# mkdir ssl
[root@VM-16-15-centos nginx]# cd ssl/
[root@VM-16-15-centos ssl]# openssl genrsa -des3 -out admin.key 2048
Generating RSA private key, 2048 bit long modulus
..................+++
........................................................................................................+++
e is 65537 (0x10001)
Enter pass phrase for admin.key:  [123456]
Verifying - Enter pass phrase for admin.key:  [123456]
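  • -des3: encrypt the private key with Triple DES (des3)
  • -out: the file the key is saved to
  • 2048: the key length in bits; 2048 is the default choice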

1.2 Generate the CSR (certificate signing request)

[root@VM-16-15-centos ssl]# openssl req -new -key admin.key -out admin.csr
Enter pass phrase for admin.key: [123456]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
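# Normally you enter country, region, city, organization and organizational unit in turn; this certificate is for intranet use, so just press Enter for every field.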
Country Name (2 letter code) [XX]: 
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
  • -new: generate a new certificate signing request

1.3 Remove the passphrase from the key

[root@VM-16-15-centos ssl]# openssl  rsa -in admin.key -out admin.key 
Enter pass phrase for admin.key: [123456]
writing RSA key
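  • -in: path of the input key file. Here the input and output are the same file, so the passphrase-protected key is overwritten with an unencrypted copy and Nginx can load it without prompting.

1.4 Generate the self-signed certificate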

[root@VM-16-15-centos ssl]# openssl  x509 -req -days 365 -in admin.csr -signkey admin.key -out admin.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd
Getting Private key
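  • x509: defines the certificate format (X.509)
  • -days: validity period of the certificate, in days; the default is 365 days
  • -signkey: self-sign the certificate with the given key

1.5 Generate the PEM-format public key

PS: Some services can only load a certificate correctly when it is in PEM format.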

[root@VM-16-15-centos ssl]# openssl x509 -in admin.crt  -out admin.pem -outform PEM
[root@VM-16-15-centos ssl]# ls
admin.crt  admin.csr  admin.key  admin.pem
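
The prompts above were all left at their defaults, so the resulting certificate names no host. As an added example (not part of the original post), the functions below collapse steps 1.1 to 1.4 into one non-interactive `openssl req -x509` call that sets the CN and subjectAltName, then check that the key and certificate belong together before Nginx is restarted. The directory and host name are caller-supplied assumptions; the file names follow the page.

```shell
#!/bin/sh
# Added example. DIR and HOST are supplied by the caller and are assumed
# to be trusted values (HOST is written into an openssl config file).

# make_cert DIR HOST: write DIR/admin.key (no passphrase) and DIR/admin.crt.
make_cert() {
    dir=$1 host=$2
    cnf=$(mktemp) || return 1
    # Minimal request config: no prompts, CN and subjectAltName set to HOST.
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
default_md = sha256
prompt = no
[dn]
CN = $host
[ext]
subjectAltName = DNS:$host
EOF
    (
        umask 077   # the unencrypted key is created owner-readable only
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -config "$cnf" -keyout "$dir/admin.key" -out "$dir/admin.crt" 2>/dev/null
    )
    rc=$?
    rm -f "$cnf"
    return $rc
}

# key_matches_cert KEY CRT: succeed only if both contain the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_valid_for CRT SECONDS: succeed if CRT is still valid SECONDS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}
```

After pointing `ssl_certificate` and `ssl_certificate_key` at the files, `nginx -t` checks the configuration before the restart.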

2. Modify the Nginx configuration file

[root@VM-16-15-centos ~]# cd /usr/local/nginx/conf/
[root@VM-16-15-centos conf]# vim nginx.conf
......
# Find the HTTPS section in the configuration file, uncomment it, and point it at the SSL certificate paths created above.
  # HTTPS server

    server {

        listen       443 ssl;
        server_name  localhost;

        ssl_certificate      /usr/local/nginx/ssl/admin.pem;
        ssl_certificate_key  /usr/local/nginx/ssl/admin.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm index.php;
        }

        location ~ \.php$ {
            root           html;
            fastcgi_pass   10.0.16.15:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
    }

......
[root@VM-16-15-centos conf]# systemctl  restart nginx

Test access:
[Screenshot of the test access; image not preserved]
