- 首先使用niginx -V 检测nginx是否安装了https模块。发现有ssl说明已经安装好了
- 创建私钥证书。按照下面顺序执行这四条语句。
# 1、创建服务器私钥,命令会让你输入一个口令:
openssl genrsa -des3 -out server.key 1024
# 2、创建签名请求的证书(CSR):
openssl req -new -key server.key -out server.csr
# 3、在加载SSL支持的Nginx并使用上述私钥时除去必须的口令:
openssl rsa -in server.key -out server_nopass.key
# 4、最后标记证书使用上述私钥和CSR:
openssl x509 -req -days 365 -in server.csr -signkey server_nopass.key -out server.crt
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.++++++
...............++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^C
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]#
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]#
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]#
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]#
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl rsa -in server.key -out server_nopass.key
Enter pass phrase for server.key:
writing RSA key
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl x509 -req -days 365 -in server.csr -signkey server_nopass.key -out server.crt
Signature ok
subject=/C=cn/L=Default City/O=Default Company Ltd
Getting Private key
- 查看生成的文件
- 再conf中配置https
server {
listen 443 ssl;
server_name www.zxl.com;
ssl_certificate /usr/local/nginx/ex/server.crt; #证书地址
ssl_certificate_key /usr/local/nginx/ex/server_nopass.key; #秘钥地址
location / {
root html;
index a.html;
}
location /ge {
alias html;
index a.html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
- 访问https路径页面
- 讲http访问方式重定向到https的方式
server {
listen 80;
server_name www.zxl.com;
rewrite ^(.*) https://$server_name$1 redirect;
location / {
root html;
index a.html;
}
location /ge {
alias html;
index a.html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
- 可以发现http://会跳到https