加入收藏 | 设为首页 | 会员中心 | 我要投稿 南平站长网 (https://www.0599zz.com/)- 科技、建站、经验、云计算、5G、大数据,站长网!
当前位置: 首页 > 站长学院 > MySql教程 > 正文

Centos下nginx配置https证书的操作过程

发布时间:2022-01-17 23:42:33 所属栏目:MySql教程 来源:互联网
导读:这篇文章主要讲解了Centos下nginx配置https证书的操作步骤,文中的讲解内容简单清晰,易于学习与理解,下面请大家跟着小编的思路慢慢深入,一起来研究和学习Centos下nginx配置https证书的操作步骤吧! 1、首先配置nginx及其他插件,这个Google下,很多配置
       这篇文章主要讲解了“Centos下nginx配置https证书的操作步骤”,文中的讲解内容简单清晰,易于学习与理解,下面请大家跟着小编的思路慢慢深入,一起来研究和学习“Centos下nginx配置https证书的操作步骤”吧!
 
      1、首先配置nginx及其他插件,这个Google下,很多配置方案。
 
      2、配置服务器的证书。操作步骤如下:
 
[root@localhost ~]# cd /etc/pki/tls/certs
 
[root@localhost certs]# make server.key
 
umask 77 ;
 
/usr/bin/openssl genrsa -aes128 2048 > server.key
 
Generating RSA private key, 2048 bit long modulus
 
......................................................++++++
 
.............++++++
 
e is 61251 (0x10001)
 
Enter pass phrase:# set passphrase
 
Verifying - Enter pass phrase:# confirm
 
# remove passphrase from private key
 
[root@localhost certs]# openssl rsa -in server.key -out server.key
 
Enter pass phrase for server.key:# input passphrase
 
writing RSA key
 
[root@localhost certs]#
 
[root@localhost certs]# make server.csr
 
umask 77 ;
 
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
 
You are about to be asked to enter information that will be incorporated
 
into your certificate request.
 
What you are about to enter is what is called a Distinguished Name or a DN.
 
There are quite a few fields but you can leave some blank
 
For some fields there will be a default value,
 
If you enter '.', the field will be left blank.
 
-----
 
Country Name (2 letter code) [XX]:CN #country
 
State or Province Name (full name) [e]:Beijing   #state
 
Locality Name (eg, city) [Default City]:Beijing  #city
 
Organization Name (eg, company) [Default Company Ltd]:Test   #company
 
Organizational Unit Name (eg, section) []:Test Haha   #department
 
Common Name (eg, your server's hostname) []:www.test.com   #server's FQDN
 
Email Address []:admin@test.com # email address
 
Please enter the following 'extra' attributes
 
to be sent with your certificate request
 
A challenge password []:# Enter
 
An optional company name []:# Enter
 
[root@localhost certs]#
 
[root@localhost certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
 
Signature ok
 
subject=/C=CN/ST=Beijing/L=Beijing/O=Test/OU=Test Haha/CN=www.test.com,/emailAddress=admin@test.com
 
Getting Private key
 
[root@localhost certs]# chmod 400 server.*
 
3、配置nginx的conf文件
 
#server {
 
#       listen 80;
 
#       server_name happy.cc.com;
 
#       rewrite ^(.*)$  permanent;
 
#      }
 
server {
 
       listen 80;
 
       listen 443 ssl;
 
       server_name happy.cc.com;
 
       location / {
 
       root   /data/www/cloud;
 
       index  index.html;                                                                                                                                                                                                                   
 
       }
 
       ssl on;
 
       ssl_certificate /data/webserver/nginx/conf/server.crt;
 
       ssl_certificate_key /data/webserver/nginx/conf/server.key;
 
       ssl_session_timeout 5m;
 
       ssl_protocols  SSLv3 TLSv1;
 
       ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
 
       ssl_prefer_server_ciphers   on;
 
       #autoindex on;
 
       location = /favicon.ico {
 
       log_not_found off;
 
       access_log off;
 
       }
 
       location ~ .php$ {
 
       root           /data/www/cloud;
 
       fastcgi_pass   unix:/tmp/php-cgi.sock;
 
       #fastcgi_pass   127.0.0.1:9000;
 
       fastcgi_index  index.php;
 
       fastcgi_param  SCRIPT_FILENAME  /data/www/cloud$fastcgi_script_name;
 
       include        fastcgi_params;
 
       }
 
       location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
 
       {
 
       expires 30d;
 
       }
 
       location ~ .*.(js|css)?$
 
       {
 
       expires 1h;
 
       }
 
      access_log /data/log/nginx/happy.access.log access;
 
      error_log /data/log/nginx/happy.error.log warn;
 
     }
 
4、打开iptables的443端口
 
感谢各位的阅读,以上就是“Centos下nginx配置https证书的操作步骤”的内容了,经过本文的学习后,相信大家对Centos下nginx配置https证书的操作步骤这一问题有了更深刻的体会,具体使用情况还需要大家实践验证。

(编辑:南平站长网)

【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!

    热点阅读