Nginx实战案例—HTTPS加密认证
同http服务一样,nginx也可以设置https加密认证。当我们访问http://www.westos.org时,它会帮我们自动跳转到https://www.westos.org
下面是设定加密认证的步骤:
step1 修改配置文件:
vim /usr/local/nginx/conf/nginx.conf
104 # HTTPS server
105 #
106 server {
107 listen 443 ssl;
108 server_name www.westos.org;
109
110 ssl_certificate cert.pem;
111 ssl_certificate_key cert.pem;
112
113 ssl_session_cache shared:SSL:1m;
114 ssl_session_timeout 5m;
115
116 ssl_ciphers HIGH:!aNULL:!MD5;
117 ssl_prefer_server_ciphers on;
118
119 location / {
120 root /web;
121 index index.html index.htm;
122 }
123 }
step2 制作key:
cd /etc/pki/tls/certs/
make cert.pem
step3 发送key:
cp cert.pem /usr/local/nginx/conf/
step4 制作发布页面:
cd /usr/local/nginx/conf/
mkdir /web
vim /web/index.html
step5 添加解析:
在真机中:
vim /etc/hosts
172.25.1.1 www.westos.org
step6 重新加载nginx:
nginx -t #语法检测
nginx -s reload #在不暂停服务的情况下重新加载
step7 测试:
https://www.westos.org/
添加证书