一、准備
環境:centos6.8
nginx:1.13.6
二、開始
首先安裝依賴包:
yum install -y gcc gcc-c++ autoconf automake make zlib zlib-devel openssl openssl-devel pcre pcre-devel
開始安裝
tar -xf nginx-1.13.6.tar.gz
cd nginx-1.13.6
./configure --prefix=/usr/local/nginx --with-pcre --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module
make && make install
三、配置https簽名證書
創建https證書存放目錄:mkdir cert
創建私鑰:openssl genrsa -des3 -out https.key 1024
創建簽名請求證書:openssl req -new -key https.key -out https.csr
在加載SSL支持的Nginx並使用上述私鑰時除去必須的口令:
cp https.key https.key.org
openssl rsa -in https.key.org -out https.key
最后標記證書使用上述私鑰和CSR和有效期:openssl x509 -req -days 365 -in https.csr -signkey https.key -out https.crt
四、配置nginx的https
配置vim nginx.conf
server {
listen 443 ssl;
server_name 192.168.2.90;
ssl_certificate /usr/local/nginx/cert/https.crt;
ssl_certificate_key /usr/local/nginx/cert/https.key;
# ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
五、完成
啟動nginx :/usr/local/nginx/sbin/nginx
有問題改配置后平滑重啟nginx:/usr/local/nginx/sbin/nginx -s reload
用瀏覽器訪問:https://ip
注意:自己創建的證書瀏覽器會提示危險,選擇通過就可以了。