Nginx安装HTTP SSL模块基本配置

最新推荐文章于 2023-06-14 21:30:22 发布

一条宝鱼

最新推荐文章于 2023-06-14 21:30:22 发布

阅读量1k

点赞数

分类专栏： nginx https

nginx 同时被 2 个专栏收录

4 篇文章 0 订阅

订阅专栏

https

2 篇文章 0 订阅

订阅专栏

摘要: 简单实现Nginx反向代理https请求的配置。

一、安装ssl和编译安装nginx

cd /opt/server/
wget 192.168.28.74:8080/openssl-1.0.2e.tar.gz
tar -xvf openssl-1.0.2e.tar.gz
cd /opt/server/
wget http://mirrors.sohu.com/nginx/nginx-1.5.1.zip
unzip nginx-1.5.1.zip

[root@bogon nginx-1.6.2]# ./configure  --prefix=/opt/server/nginx-1.5.1 --with-http_stub_status_module  --with-http_ssl_module --with-openssl=../openssl-1.0.2e/
[root@bogon nginx-1.6.2]# make
[root@bogon nginx-1.6.2]# make install

nginx默认安装在 /usr/local/目录下，这里指定安装在特定目录下。

二、生成SSL证书

[root@bogon ssl]# openssl req -new -key junglone.com.key -out junglone.com.csr
Enter pass phrase for junglone.com.key:
You are about to be asked to enter information that will be incorporated
  to your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:China
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:junglone.com
Organizational Unit Name (eg, section) []:junglone.com
Common Name (eg, your name or your server's hostname) []:junglone.com
Email Address []:admin@junglone.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@bogon ssl]# openssl rsa -in junglone.com.key -out junglone.com_nopass.key
Enter pass phrase for junglone.com.key:
writing RSA key
[root@bogon ssl]# ls
junglone.com.csr  junglone.com.key  junglone.com_nopass.key
[root@bogon ssl]# ll
总用量 12
-rw-r--r-- 1 root root 716 7月  22 13:17 junglone.com.csr
-rw-r--r-- 1 root root 891 7月  22 13:18 junglone.com.key
-rw-r--r-- 1 root root 963 7月  22 13:17 junglone.com_nopass.key
[root@bogon ssl]#

按照以上方式自行颁发的SSL证书是不受浏览器信任的。推荐使用受浏览器信任的StartSSL免费SSL证书。

申请地址：https://startssl.com

三、Nginx配置

    server {
        listen       443 ssl;
        server_name  localhost;

        ssl on;

        ssl_certificate /usr/local/nginx/ssl/1_junglone.com_bundle.crt;
        ssl_certificate_key /usr/local/nginx/ssl/junglone.com_nopass.key;
	ssl_session_timeout  30m;
        ssl_protocols  SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:!EXP:!RC4:!MD5:!DES:!aNull;
        ssl_prefer_server_ciphers   on;
        location / {
            root   html;
            index  index.html index.htm;
        }
    }

四、验证

因为证书颁发给的是junglone.com，所以通过ip访问的时候是有安全提醒。

通过域名访问就可以看到清爽的小图标了。如下图：

一条宝鱼

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Nginx安装HTTP SSL模块基本配置

摘要: 简单实现Nginx反向代理https请求的配置。一、安装ssl和编译安装nginxcd /opt/server/wget 192.168.28.74:8080/openssl-1.0.2e.tar.gztar -xvf openssl-1.0.2e.tar.gz cd /opt/server/wget http://mirrors.sohu.com/ngin
复制链接

扫一扫