nginx -V
查看nginx 的ssl配置有没有–with-http_ssl_module
apt-get install openssl
cd /opt/nginx/conf
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl rsa -in server.key -out server_nopwd.key
openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt
server {
#listen 80;
listen 443;
server_name domain;
ssl on;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
...
}
nginx在版本V1.57中配置如下
server {
listen 443 ssl;
server_name test.com;
ssl_certificate /etc/nginx/https_conf/test.com/test.com.pem;
ssl_certificate_key /etc/nginx/https_conf/test.com/test.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
...
}