跟小編一起學:Nginx配置HTTPS伺服器過程詳情
摘要:
nginx配置HTTPS伺服器
一、 ubuntu配置nginx v1.4.6 HTTPS伺服器
1.首先確保機器上安裝了openssl和openssl-devel
pip install openssl
pip install openssl-devel
2.建立伺服...
nginx配置HTTPS伺服器
一、 ubuntu配置nginx v1.4.6 HTTPS伺服器
1.首先確保機器上安裝了openssl和openssl-devel
pip install openssl pip install openssl-devel
2.建立伺服器私鑰,命令會讓你輸入一個口令:
openssl genrsa -des3 -out server.key 1024 // 生成私鑰
第一步生成server.key密碼:123456
3.建立簽名請求的證書(CSR):
> openssl req -new -key server.key -out server.csr > 1 Country Name (2 letter code) [AU]:CN ←輸入國家程式碼 > 2 State or Province Name (full name) [Some-State]:SHANGHAI← 輸入省名 > 3 Locality Name (eg, city) []:SHANGHAI ←輸入城市名 > 4 Organization Name (eg, company) [Internet Widgits Pty Ltd]:11 ← 輸入公司名 > 5 Organizational Unit Name (eg, section) []:11 ← 輸入組織單位名 > 6 Common Name (eg, YOUR name) []:111.11.11.1 ← 輸入主機名 > 7 Email Address []:[email protected] ←輸入電子郵箱地址
4.在載入SSL支援的Nginx並使用上述私鑰:
openssl rsa -in server.key -out server_nopwd.key
5.配置nginx最後標記證書使用上述私鑰和CSR:
openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt
6.修改Nginx配置檔案,讓其包含新標記的證書和私鑰:
http {
include server/*.cn;
}
7.修改Nginx配置檔案,讓其包含新標記的證書和私鑰:
server {
listen 443;
server_name xx.online www.xx.online;
ssl on;
ssl_certificate /hk/keys/server.crt;
ssl_certificate_key /hk/keys/server_nopwd.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
charset utf-8;
location /media {
alias /11/resource/project/media;
}
location /static {
alias /11/project/static;
}
location / {
uwsgi_pass 127.0.0.1:9011;
include /11/project/uwsgi_params;
}
}
8.啟動nginx伺服器.
如果出現“[emerg] 10464#0: unknown directive “ssl” in /usr/local/nginx-0.6.32/conf/nginx.conf:74”則說明沒有將ssl模組編譯進nginx,在configure的時候加上“–with-http_ssl_module”即可
[root@localhost nginx-1.4.4]# ./configure –prefix=/usr/local/nginx –user=www –group=www –with-http_stub_status_module –with-http_ssl_module service nginx reload service nginx restart
9.測試網站是否能夠通過https訪問
https://xx.online/admin
10.同時支援80和443同時訪問配置:
server {
listen 80 default backlog=2048;
listen 443 ssl;
}