93.Nginx配置：负载均衡和SSL配置

万达换票券

　　1、生成自定义的SSL证书(仅坐试验用)
　　[root@sdwaqw conf]# openssl genrsa -des3 -out tmp.key 2048 //没有openssl命令，则通过“yum install -y openssl”安装 Generating RSA private key, 2048 bit long modulus ...................................................................................+++ .......................................................................................................................................................+++ e is 65537 (0x10001) Enter pass phrase for tmp.key: Verifying - Enter pass phrase for tmp.key: //这一步操作是生成key即“私钥”，2048为加密字符长度，会让我们输入密码，不能太短，否者不成功。 [root@sdwaqw conf]# openssl rsa -in tmp.key -out sdwaqw.key Enter pass phrase for tmp.key: writing RSA key //把tmp.key转化成sdwaqw.key，目的是删除刚才设置的密码，如果不清除密码，后面很不方便 [root@sdwaqw conf]# rm -f tmp.key [root@sdwaqw conf]# openssl req -new -key sdwaqw.key -out sdwaqw.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:JS Locality Name (eg, city) [Default City]:SZ Organization Name (eg, company) [Default Company Ltd]:XXLtd Organizational Unit Name (eg, section) []:sdwaqw.com Common Name (eg, your name or your server's hostname) []:ZZ Email Address []:a@a.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:zzz123456 An optional company name []:z //生成证书请求文件，key文件和csr文件生成最终的公钥文件。Common Name为后面配置Nginx配置文件server_name [root@sdwaqw conf]# openssl x509 -req -days 365 -in sdwaqw.csr -signkey sdwaqw.key -out sdwaqw.crt Signature ok subject=/C=CN/ST=JS/L=C/O=C/OU=C/CN=sdwaqw.com/emailAddress=z Getting Private key [root@sdwaqw conf]# ls |grep sdwaqw sdwaqw.crt sdwaqw.csr sdwaqw.key //最终生成crt证书，也就是公钥