nginx 配置https

最新推荐文章于 2023-11-14 13:23:09 发布

zkaipmoo

最新推荐文章于 2023-11-14 13:23:09 发布

阅读量807

点赞数

分类专栏：系统运维文章标签： nginx https ssl

本文链接：https://blog.csdn.net/yongcto/article/details/40377777

版权

系统运维专栏收录该内容

112 篇文章 0 订阅

订阅专栏

公司需要配置https站点

yum install openssl openssl-devel

[root@hadoop conf]# openssl genrsa -des3 -out 33iq.key 1024

Generating RSA private key, 1024 bit long modulus
...++++++
..............++++++
e is 65537 (0x10001)
Enter pass phrase for 33iq.key:
Verifying - Enter pass phrase for 33iq.key:
[root@hadoop conf]# openssl req -new -key 33iq.key -out 33iq.csr
Enter pass phrase for 33iq.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shanghai
Locality Name (eg, city) [Default City]:Shanghai
Organization Name (eg, company) [Default Company Ltd]:Shanghai Chuangji Information Technology Ltd
Organizational Unit Name (eg, section) []:33IQ
Common Name (eg, your name or your server's hostname) []:*.33iq.com
Email Address []:admin@33iq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@hadoop conf]# rsa -in 33iq.key -out 33iq_nopass.key
-bash: rsa: command not found
[root@hadoop conf]# openssl rsa -in 33iq.key -out 33iq_nopass.key
Enter pass phrase for 33iq.key:
writing RSA key
[root@hadoop conf]# openssl x509 -req -days 365 -in 33iq.csr -signkey 33iq.key -out 33iq.crt
Signature ok
subject=/C=CN/ST=Shanghai/L=Shanghai/O=Shanghai Chuangji Information Technology Ltd/OU=33IQ/CN=*.33iq.com/emailAddress=admin@33iq.com
Getting Private key
Enter pass phrase for 33iq.key:

[root@hadoop conf]# vi servers/ssl.market.gsie.cn

server
{
server_name ssl.test.cn;
listen 443;
ssl on;
index index.html index.htm index.php;
root /data_disk1/webdata/ssl;

ssl_certificate /data_disk1/webserver/nginx/conf/33iq.crt;
ssl_certificate_key /data_disk1/webserver/nginx/conf/33iq_nopass.key;
}

重启Nginx后即可通过https访问网站了。