Centos下nginx配置https证书的操作过程
发布时间:2022-01-17 23:42:33 所属栏目:MySql教程 来源:互联网
导读:这篇文章主要讲解了Centos下nginx配置https证书的操作步骤,文中的讲解内容简单清晰,易于学习与理解,下面请大家跟着小编的思路慢慢深入,一起来研究和学习Centos下nginx配置https证书的操作步骤吧! 1、首先配置nginx及其他插件,这个Google下,很多配置
这篇文章主要讲解了“Centos下nginx配置https证书的操作步骤”,文中的讲解内容简单清晰,易于学习与理解,下面请大家跟着小编的思路慢慢深入,一起来研究和学习“Centos下nginx配置https证书的操作步骤”吧! 1、首先配置nginx及其他插件,这个Google下,很多配置方案。 2、配置服务器的证书。操作步骤如下: [root@localhost ~]# cd /etc/pki/tls/certs [root@localhost certs]# make server.key umask 77 ; /usr/bin/openssl genrsa -aes128 2048 > server.key Generating RSA private key, 2048 bit long modulus ......................................................++++++ .............++++++ e is 61251 (0x10001) Enter pass phrase:# set passphrase Verifying - Enter pass phrase:# confirm # remove passphrase from private key [root@localhost certs]# openssl rsa -in server.key -out server.key Enter pass phrase for server.key:# input passphrase writing RSA key [root@localhost certs]# [root@localhost certs]# make server.csr umask 77 ; /usr/bin/openssl req -utf8 -new -key server.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN #country State or Province Name (full name) [e]:Beijing #state Locality Name (eg, city) [Default City]:Beijing #city Organization Name (eg, company) [Default Company Ltd]:Test #company Organizational Unit Name (eg, section) []:Test Haha #department Common Name (eg, your server's hostname) []:www.test.com #server's FQDN Email Address []:admin@test.com # email address Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:# Enter An optional company name []:# Enter [root@localhost certs]# [root@localhost certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650 Signature ok subject=/C=CN/ST=Beijing/L=Beijing/O=Test/OU=Test Haha/CN=www.test.com,/emailAddress=admin@test.com Getting Private key [root@localhost certs]# chmod 400 server.* 3、配置nginx的conf文件 #server { # listen 80; # server_name happy.cc.com; # rewrite ^(.*)$ permanent; # } server { listen 80; listen 443 ssl; server_name happy.cc.com; location / { root /data/www/cloud; index index.html; } ssl on; ssl_certificate /data/webserver/nginx/conf/server.crt; ssl_certificate_key /data/webserver/nginx/conf/server.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on; #autoindex on; location = /favicon.ico { log_not_found off; access_log off; } location ~ .php$ { root /data/www/cloud; fastcgi_pass unix:/tmp/php-cgi.sock; #fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /data/www/cloud$fastcgi_script_name; include fastcgi_params; } location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*.(js|css)?$ { expires 1h; } access_log /data/log/nginx/happy.access.log access; error_log /data/log/nginx/happy.error.log warn; } 4、打开iptables的443端口 感谢各位的阅读,以上就是“Centos下nginx配置https证书的操作步骤”的内容了,经过本文的学习后,相信大家对Centos下nginx配置https证书的操作步骤这一问题有了更深刻的体会,具体使用情况还需要大家实践验证。 (编辑:南平站长网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |