1,查看是否安裝openssl
openssl version -a
2,沒有安裝執行
yum install mod_ssl openssl
3,在nginx目錄下創建ssl文件夾
cd /usr/local/nginx
mkdir ssl
cd ssl
4,生成2048位的加密私鑰
openssl genrsa -out server.key 2048
5,生成證書簽名請求(CSR),這里需要填寫許多信息
openssl req -new -key server.key -out server.csr
輸出內容為:
Enter pass phrase for root.key: ← 輸入前面創建的密碼
Country Name (2 letter code) [AU]:CN ← 國家代號,中國輸入CN
State or Province Name (full name) [Some-State]:BeiJing ← 省的全名,拼音
Locality Name (eg, city) []:BeiJing ← 市的全名,拼音
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany Corp. ← 公司英文名
Organizational Unit Name (eg, section) []: ← 可以不輸入
Common Name (eg, YOUR name) []: ← 服務器主機名,若填寫不正確,瀏覽器會報告證書無效,但並
Email Address []:admin@mycompany.com ← 電子郵箱,可隨意填
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []: ← 可以不輸入
An optional company name []: ← 可以不輸入
6,生成類型為X509的自簽名證書。有效期設置3650天,即有效期為10年
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
7,查看當前ssl目錄
ls
8,將需要使用的域名添加至本地電腦host文件,ip為虛擬機ip地址
192.168.110.129 chat.somi.com
9,查看本地nginx配置文件
find / -name nginx.conf
打開文件進行編輯 vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
#https配置開始
listen 443 ssl;
server_name chat.somi.com;
ssl_certificate /usr/local/nginx/ssl/server.crt;
ssl_certificate_key /usr/local/nginx/ssl/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#https配置結束
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
}
10,重啟nginx服務
service nginx reload
到此配置完成啦,https訪問