nginx之https配置

• 首先使用niginx -V 检测nginx是否安装了https模块。发现有ssl说明已经安装好了

•  创建私钥证书。按照下面顺序执行这四条语句。

# 1、创建服务器私钥，命令会让你输入一个口令：
 openssl genrsa -des3 -out server.key 1024 
# 2、创建签名请求的证书（CSR）：
 openssl req -new -key server.key -out server.csr 
# 3、在加载SSL支持的Nginx并使用上述私钥时除去必须的口令： 
openssl rsa -in server.key -out server_nopass.key 
# 4、最后标记证书使用上述私钥和CSR：
 openssl x509 -req -days 365 -in server.csr -signkey server_nopass.key -out server.crt

[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl genrsa -des3 -out server.key 1024 
Generating RSA private key, 1024 bit long modulus
.++++++
...............++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl req -new -key server.key -out server.csr 
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^C
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl req -new -key server.key -out server.csr 
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# 
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# 
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# 
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# 
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl rsa -in server.key -out server_nopass.key 
Enter pass phrase for server.key:
writing RSA key
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl x509 -req -days 365 -in server.csr -signkey server_nopass.key -out server.crt
Signature ok
subject=/C=cn/L=Default City/O=Default Company Ltd
Getting Private key

• 查看生成的文件

• 再conf中配置https

server {
        listen       443 ssl;
        server_name  www.zxl.com;

        ssl_certificate    /usr/local/nginx/ex/server.crt; #证书地址
        ssl_certificate_key    /usr/local/nginx/ex/server_nopass.key; #秘钥地址

        location / {
           root html;
           index a.html;
        }

        location /ge {
           alias html;
           index a.html;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

}

• 访问https路径页面

• 讲http访问方式重定向到https的方式

server {
        listen       80;
        server_name  www.zxl.com;

        rewrite ^(.*) https://$server_name$1 redirect;

        location / {
           root html;
           index a.html;
        }

        location /ge {
           alias html;
           index a.html;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

}

• 可以发现http://会跳到https