Learn along with the editor: Configuring an HTTPS server on Nginx, step by step
Configuring an HTTPS server with nginx
I. Configuring an nginx v1.4.6 HTTPS server on Ubuntu
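1. First make sure openssl and openssl-devel are installed on the machine (on Ubuntu the development package is named libssl-dev; these are system packages, not pip packages):
sudo apt-get install openssl libssl-dev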
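2. Create the server private key; the command prompts you for a passphrase:
openssl genrsa -des3 -out server.key 2048    # generate the private key (2048 bits; 1024-bit RSA is too weak for current use)
The passphrase entered for server.key in this first step: 123456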
3. Create the certificate signing request (CSR):
> openssl req -new -key server.key -out server.csr
> Country Name (2 letter code) [AU]:CN   ← enter the country code
> State or Province Name (full name) [Some-State]:SHANGHAI   ← enter the province name
> Locality Name (eg, city) []:SHANGHAI   ← enter the city name
> Organization Name (eg, company) [Internet Widgits Pty Ltd]:11   ← enter the company name
> Organizational Unit Name (eg, section) []:11   ← enter the organizational unit name
> Common Name (eg, YOUR name) []:111.11.11.1   ← enter the host name
> Email Address []:[email protected]   ← enter the e-mail address
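4. So that Nginx with SSL support can load the above private key without a passphrase prompt, write out a copy of the key with the passphrase removed (the copy is unencrypted, so keep it readable only by root):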
openssl rsa -in server.key -out server_nopwd.key
5. Finally, sign the certificate using the above private key and CSR:
openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt
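6. Edit the Nginx configuration file so that it pulls in the server configuration files (which will reference the newly signed certificate and private key):
http {
    include server/*.cn;
}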
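7. Edit the Nginx configuration file so that it includes the newly signed certificate and private key:
server {
    listen 443;
    server_name xx.online www.xx.online;
    ssl on;    # valid on nginx 1.4.x; from nginx 1.15.0 use "listen 443 ssl;" instead
    ssl_certificate /hk/keys/server.crt;
    ssl_certificate_key /hk/keys/server_nopwd.key;
    ssl_session_timeout 5m;
    # SSLv3 is left out: it is broken (POODLE). TLSv1 and TLSv1.1 are deprecated
    # (RFC 8996) and can be dropped once no old clients remain.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # a single colon-separated OpenSSL cipher string
    ssl_ciphers "HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;
    charset utf-8;

    location /media {
        alias /11/resource/project/media;
    }
    location /static {
        alias /11/project/static;
    }
    location / {
        uwsgi_pass 127.0.0.1:9011;
        include /11/project/uwsgi_params;
    }
}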
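A check for the TLS directives in the server block above, as an added example that is not part of the original article: a small awk-based lint that flags obsolete ssl_protocols values, a malformed ssl_ciphers string, and a port-443 listener on which TLS is not enabled. The function names and both sample configurations are constructed for illustration; the lint assumes one directive per line and one server block per file.

```shell
# Added example (not from the original article). Assumes one directive per line
# and one server block per file. Prints findings; returns 1 if any FAIL is found.
audit_nginx_tls() {
    awk '
    function report(sev, line, msg) {
        print sev " line " line ": " msg
        if (sev == "FAIL") fails++
    }
    { sub(/#.*/, ""); gsub(/[";]/, "") }     # drop comments, quotes, semicolons
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^SSLv[23]$/)
                report("FAIL", NR, $i " is obsolete and broken (SSLv3: POODLE)")
            else if ($i ~ /^TLSv1(\.1)?$/)
                report("WARN", NR, $i " is deprecated by RFC 8996")
        }
    }
    $1 == "ssl_ciphers" && NF != 2 {
        report("FAIL", NR, "ssl_ciphers takes one cipher string, got " (NF - 1) " words")
    }
    $1 == "ssl" && $2 == "on" { ssl_on = 1 }
    $1 == "listen" && ($2 == "443" || $2 ~ /:443$/) {
        tls = 0
        for (i = 3; i <= NF; i++) if ($i == "ssl") tls = 1
        if (!tls) plain443 = NR
    }
    END {
        if (plain443 && !ssl_on)
            report("FAIL", plain443, "listen 443 without ssl: port would serve plain HTTP")
        exit (fails > 0)
    }' "$@"
}

sample_weak_conf() {      # constructed sample input
    cat <<'EOF'
server {
    listen 443;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
}
EOF
}

sample_fixed_conf() {     # constructed sample input
    printf '%s\n' 'server {' '    listen 443 ssl;' '    ssl_protocols TLSv1.2;' \
        '    ssl_ciphers "HIGH:!aNULL:!MD5:!3DES";' '}'
}

sample_weak_conf | audit_nginx_tls || true    # demo run on the weak sample
```

To lint a real file, pass its path as the argument, for example one of the files matched by the include line in step 6.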
8. Start the nginx server.
If you see '[emerg] 10464#0: unknown directive "ssl" in /usr/local/nginx-0.6.32/conf/nginx.conf:74', the ssl module was not compiled into nginx; add "--with-http_ssl_module" when running configure:
[root@localhost nginx-1.4.4]# ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module
service nginx reload
service nginx restart
9. Test whether the site can be reached over https:
https://xx.online/admin
10. Configuration that serves ports 80 and 443 at the same time:
server {
    listen 80 default backlog=2048;
    listen 443 ssl;
}