最近有个项目需要在nginx上配置ssl具体实施部署方法如下:
创建nginx证书配置目录
#mkdir -p /usr/local/nginx/conf/ssl
进入nginx配置文件目录/usr/local/nginx/ssl
#cd /usr/local/nginx/conf/ssl
在服务器上生成私钥
#openssl genrsa -out server.key 2048
生成csr文件
#openssl req -new -key server.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.‘, the field will be left blank. ----- Country Name (2 letter code) [XX]: State or Province Name (full name) []: Locality Name (eg, city) [Default City]: Organization Name (eg, company) [Default Company Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server‘s hostname) []: 自己需要ssl的域名 Email Address []: Please enter the following ‘extra‘ attributes to be sent with your certificate request A challenge password []: An optional company name []:
生成好csr文件后需要把这个文件提交给证书供应商让他们颁发证书。
证书颁发好之后需要把证书文件(server.cer)、server.key、server.csr这三个文件放到nginx ssl配置目录中
“/usr/local/nginx/conf/ssl“
在nginx.conf里配置ssl
server {
listen 443;
server_name www.xxx.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/server.cer;
ssl_certificate_key /usr/local/nginx/conf/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / { root html; index index.html index.htm; }
}
重启nginx
原文地址:http://linux008.blog.51cto.com/2837805/1554812
