nginx配置HTTPS服务器一、Ubuntu配置nginxv1.4.6HTTPS服务器1.首先保证机器上安装了openssl和openssl-develpipinstallopensslpipinstallopenssl-devel2。创建服务器私钥,命令会让你输入密码:opensslgenrsa-des3-outserver.key1024//生成私钥第一步生成server.key密码:1234563为签名请求创建证书(CSR):>opensslreq-new-keyserver.key-outserver.csr>1CountryName(2lettercode)[AU]:CN ←Enterthecountrycode>2StateorProvinceName(fullname)[Some-State]:SHANGHAI←Inputtheprovincename>3LocalityName(eg,city)[]:SHANGHAI ←Entercityname>4OrganizationName(eg,company)[InternetWidgitsPtyLtd]:11 ←Entercompanyname>5OrganizationalUnitName(eg,section)[]:11 ←Enterorganizationalunitname>6CommonName(eg,YOURname)[]:111.11.11.1 ←Enterhostname>7EmailAddress[]:xxx@gmail.com ←输入电子邮件地址4.加载支持SSL的Nginx并使用上面的私钥:opensslrsa-inserver.key-outserver_nopwd.key5.配置nginx,最后使用上面的私钥和CSR标记证书:opensslx509-req-days365-inserver.csr-signkeyserver_nopwd.key-outserver.crt6。修改Nginx配置文件以包含新标记的证书和私钥:http{includeserver/*.cn;}7。修改Nginx配置文件以包含新标记的证书和私钥Key:server{listen443;server_namexx.onlinewww.xx.online;sslon;ssl_certificate/hk/keys/server.crt;ssl_certificate_key/hk/keys/server_nopwd.key;ssl_session_timeout5m;ssl_protocolsSSLv3TLSv1TLSv1TLSv1.1TLSv1.2;ssl_ciphers"HILLIGH:!aN:!MD5orHIGH:!aNULL:!MD5:!3DES";ssl_prefer_server_cipherson;charsetutf-8;位置/媒体{别名/11/资源/项目/媒体;}位置/static{alias/11/project/static;}location/{uwsgi_pass127.0.0.1:9011;include/11/project/uwsgi_params;}}8.启动nginx服务器。如果“[emerg]10464#0:unknowndirective“ssl”in/usr/local/nginx-0.6.32/conf/nginx.conf:74”表示ssl模块还没有编译到nginx中,只需加上“--with-http_ssl_module"配置时[root@localhostnginx-1.4.4]#./配置–prefix=/usr/local/nginx–user=www–group=www–with-http_stub_status_module–with-http_ssl_moduleservicenginxreloadservicenginxrestart9。测试网站能否访问https://xx.online/admin10。同时支持80和443接入配置:server{listen80defaultbacklog=2048;listen443ssl;}
