Nginx 实现Https访问
默认情况下ssl模块并未被安装,如果要使用该模块则需要在编译时指定–with-http_ssl_module参数,安装模块依赖于OpenSSL库和一些引用文件,通常这些文件并不在同一个软件包中。通常这个文件名类似libssl-dev1. 生成证书
1.1创建服务器私钥
mkdir–p /application/nginx/sslkey/ #创建证书目录
cd/application/nginx/sslkey/
opensslgenrsa -des3 -out server.key 1024 #创建证书输入密码
GeneratingRSA private key, 1024 bit long modulus
.++++++
............................................................++++++
eis 65537 (0x10001)
Enterpass phrase for server.key:
Verifying- Enter pass phrase for server.key:
1.2创建签名请求的证书(CSR)
# openssl req -new -key server.key -out server.csr
Enter pass phrase forserver.key: (输入上一步设置的密码)
You are about to beasked to enter information that will be incorporated
into your certificaterequest.
What you are about toenter is what is called a Distinguished Name or a DN.
There are quite a fewfields but you can leave some blank
For some fields therewill be a default value,
If you enter '.', thefield will be left blank.
-----
Country Name (2 lettercode) :CN
State or Province Name(full name) []:bj
Locality Name (eg,city) :bj
Organization Name (eg,company) :bj
Organizational UnitName (eg, section) []:bj
Common Name (eg, yourname or your server's hostname) []:bj
Email Address []:bj
Please enter thefollowing 'extra' attributes
to be sent with yourcertificate request
A challenge password[]:123456
An optional companyname []:123456
1.3在加载SSL支持的Nginx并使用上述私钥时除去必须的口令:
# cp server.key server.key.org
#openssl rsa -in server.key.org-out server.key
Enterpass phrase for server.key.org:
writingRSA key
1.4最后标记证书使用上述私钥和CSR
# openssl x509 -req -days 365 -in server.csr -signkey server.key -outserver.crt
Signature ok
subject=/C=CN/ST=bj/L=bj/O=bj/OU=bj/CN=bj/emailAddress=bj
Getting Private key
2. 配置nginx
2.1修改Nginx配置文件
vim blog.conf #在开头加入下面几行
server_nameblog.etiantian.org;
listen 443;
ssl on;
ssl_certificate/application/nginx/sslkey/server.crt;
ssl_certificate_key/application/nginx/sslkey/server.key;
页:
[1]