如果nginx不支持SSL模块可能需要自己编译一次:
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module--with-pcre=/tmp/pcre-8.12 --with-http_ssl_module
make && make install
另外有个问题就是证书需要密码的问题,使用openssl命令就可以了(否则你需要在每次启动nginx的时候输入证书密码,麻烦)
openssl rsa -in mysite.key -out mysite_nopass.key
server {
listen 443;
server_name mysite.com;
ssl on;
ssl_certificate mysite_combined.crt;
ssl_certificate_key mysite_nopass.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
}
其中mysite.crt是用Godday的两个证书生成的:
cat mysite.crt gd_bundle.crt > mysite_combined.crt
参考:http://www.xueit.com/html/2010-05/34-5371554852010512222242625.html
http://www.lovelucy.info/nginx-ssl-certificate-https-website.html
http://blog.51yip.com/apachenginx/974.html
http://zou.lu/nginx-https-ssl-module/