Nginx 實現Https訪問
默認情況下ssl模塊並未被安裝,如果要使用該模塊則需要在編譯時指定–with-http_ssl_module參數,安裝模塊依賴於OpenSSL庫和一些引用文件,通常這些文件並不在同一個軟件包中。通常這個文件名類似libssl-dev
1. 生成證書
1.1創建服務器私鑰
mkdir–p /application/nginx/sslkey/ #創建證書目錄
cd/application/nginx/sslkey/
opensslgenrsa -des3 -out server.key 1024 #創建證書輸入密碼
GeneratingRSA private key, 1024 bit long modulus
.++++++
............................................................++++++
eis 65537 (0x10001)
Enterpass phrase for server.key:
Verifying- Enter pass phrase for server.key:
1.2創建簽名請求的證書(CSR)
[root@web02sslkey]# openssl req -new -key server.key -out server.csr
Enter pass phrase forserver.key: (輸入上一步設置的密碼)
You are about to beasked to enter information that will be incorporated
into your certificaterequest.
What you are about toenter is what is called a Distinguished Name or a DN.
There are quite a fewfields but you can leave some blank
For some fields therewill be a default value,
If you enter ‘.‘, thefield will be left blank.
-----
Country Name (2 lettercode) [XX]:CN
State or Province Name(full name) []:bj
Locality Name (eg,city) [Default City]:bj
Organization Name (eg,company) [Default Company Ltd]:bj
Organizational UnitName (eg, section) []:bj
Common Name (eg, yourname or your server‘s hostname) []:bj
Email Address []:bj
Please enter thefollowing ‘extra‘ attributes
to be sent with yourcertificate request
A challenge password[]:123456
An optional companyname []:123456
1.3在加載SSL支持的Nginx並使用上述私鑰時除去必須的口令:
[root@web02sslkey]# cp server.key server.key.org
[root@web02sslkey]# openssl rsa -in server.key.org-out server.key
Enterpass phrase for server.key.org:
writingRSA key
1.4最後標記證書使用上述私鑰和CSR
[root@web02sslkey]# openssl x509 -req -days 365 -in server.csr -signkey server.key -outserver.crt
Signature ok
subject=/C=CN/ST=bj/L=bj/O=bj/OU=bj/CN=bj/emailAddress=bj
Getting Private key
2. 配置nginx
2.1修改Nginx配置文件
vim blog.conf #在開頭加入下面幾行
server_nameblog.etiantian.org;
listen 443;
ssl on;
ssl_certificate/application/nginx/sslkey/server.crt;
ssl_certificate_key/application/nginx/sslkey/server.key;
本文出自 “10997527” 博客,請務必保留此出處http://11007527.blog.51cto.com/10997527/1982886
Nginx 實現Https訪問