|
|
1、下载openssl:yum install openssl* -y 2、使用openssl生成数字证书
mkdir -p /etc/nginx/ssl
openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.pem
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bouncy Castles, Inc.
Organizational Unit Name (eg, section) []:Ministry of Water Slides
Common Name (e.g. server FQDN or YOUR name) []:your_domain.com
Email Address []:admin@your_domain.com
3、Nginx下的配置(只启用Https)
server {
listen 80;
server_name www.yourdomain.com;
rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
#return 301 https://$http_host$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/nginx.pem;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
keepalive_timeout 70;
server_name www.yourdomain.com;
#禁止在header中出现服务器版本,防止***利用版本漏洞***
server_tokens off;
#如果是全站 HTTPS 并且不考虑 HTTP 的话,可以加入 HSTS 告诉你的浏览器本网站全站加密,并且强制用 HTTPS 访问
#add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
# ......
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/wiki.xby1993.net.access.log;
error_log /var/log/nginx/wiki.xby1993.net.error.log;
}
4、同时使用Http和Https
Nginx下配置
server {
listen 80;
listen 443 ssl;
server_name www.example.com;
ssl_certificate www.example.com.pem;
ssl_certificate_key www.example.com.key;
...
}
6、重启Nginx
|
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-11-11 08:58:12
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡