标签:
1、首先配置nginx及其他插件,这个Google下,很多配置方案。
2、配置服务器的证书。操作步骤如下:
[root@localhost ~]# cd /etc/pki/tls/certs [root@localhost certs]# make server.key umask 77 ; /usr/bin/openssl genrsa -aes128 2048 > server.key Generating RSA private key, 2048 bit long modulus ......................................................++++++ .............++++++ e is 61251 (0x10001) Enter pass phrase:# set passphrase Verifying - Enter pass phrase:# confirm # remove passphrase from private key [root@localhost certs]# openssl rsa -in server.key -out server.key Enter pass phrase for server.key:# input passphrase writing RSA key [root@localhost certs]# [root@localhost certs]# make server.csr umask 77 ; /usr/bin/openssl req -utf8 -new -key server.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.‘, the field will be left blank. ----- Country Name (2 letter code) [XX]:CN #country State or Province Name (full name) [e]:Beijing #state Locality Name (eg, city) [Default City]:Beijing #city Organization Name (eg, company) [Default Company Ltd]:Test #company Organizational Unit Name (eg, section) []:Test Haha #department Common Name (eg, your server‘s hostname) []:www.test.com #server‘s FQDN Email Address []:admin@test.com # email address Please enter the following ‘extra‘ attributes to be sent with your certificate request A challenge password []:# Enter An optional company name []:# Enter [root@localhost certs]# [root@localhost certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650 Signature ok subject=/C=CN/ST=Beijing/L=Beijing/O=Test/OU=Test Haha/CN=www.test.com,/emailAddress=admin@test.com
Getting Private key [root@localhost certs]# chmod 400 server.*
3、配置nginx的conf文件
我测试机器的nginx是安装在 /data/server/nginx目录下,配置文件在 /data/server/nginx/conf/目录下。
[root@localhost conf]# vi nginx.conf
ssl部分的配置如下
server { #listen 80; listen 80 default_server; listen 443 ssl; server_name localhost; ssl_certificate /etc/pki/tls/certs/server.crt; ssl_certificate_key /etc/pki/tls/certs/server.key; #charset koi8-r;
重新加载配置文件。
4、打开Centos自带iptables的443端口
[root@localhost conf]# vi /etc/sysconfig/iptables
增加一行
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
重启iptables服务。
标签:
原文地址:http://www.cnblogs.com/zsxfbj/p/nginx_https.html
