Installing an HTTPS certificate on nginx

  • HTTPS certificate files
    E:.
    │  xxx.com.cn.csr
    │  xxx.com.cn.key
    │  xxx.com.cn.pem
    │
    ├─Apache
    │      1_root_bundle.crt
    │      2_xxx.com.cn.crt
    │      3_xxx.com.cn.key
    │
    ├─IIS
    │      keystorePass.txt
    │      xxx.com.cn.pfx
    │
    ├─Nginx
    │      1_xxx.com.cn_bundle.crt
    │      2_xxx.com.cn.key
    │
    └─Tomcat
           keystorePass.txt
           xxx.com.cn.jks
    
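  • Installing the HTTPS certificate on nginx
  1. Check whether nginx was built with the SSL module. If --with-http_ssl_module appears in the output, the module is already installed; otherwise install it.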

    • Check whether nginx was built with the SSL module
    cd nginx/sbin
    ./nginx -V
    

    nginx version: nginx/1.17.0
    built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
    built with OpenSSL 1.0.2k-fips 26 Jan 2017
    TLS SNI support enabled
    configure arguments: --builddir=objs --prefix=/usr/local/nginx --conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access.log --error-log-path=logs/error.log --sbin-path=sbin/nginx --http-client-body-temp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fastcgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsgi-temp-path=temp/uwsgi_temp --with-pcre-jit --with-poll_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_stub_status_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_slice_module --with-mail --with-stream --with-http_ssl_module --with-mail_ssl_module --with-stream_ssl_module --with-http_v2_module --with-ipv6

    • If the module is not installed, download the nginx source and recompile
    ./configure --with-http_stub_status_module --with-http_ssl_module
    make && make install
    
  2. Stop nginx: ./nginx -s stop

  3. Copy the certificate and key files into the nginx/cert folder

  4. Configure nginx/conf/nginx.conf

    # Redirect HTTP to HTTPS
    server {
    	listen       80;
    	server_name  xxx.xxx.xxx.xxx;
    	charset utf-8;
    	rewrite ^(.*)$ https://$host$1 permanent;
    }
    
    # HTTPS server
    
    server {
    	listen       443 ssl;
    	server_name  xxx.xxx.xxx.xxx;
    	charset utf-8;
    
    	ssl_certificate      /usr/local/nginx/cert/1_xxx.com.cn_bundle.crt;	# full path to the certificate file
    	ssl_certificate_key  /usr/local/nginx/cert/2_xxx.com.cn.key;		# full path to the private key file
    
    	ssl_session_cache    shared:SSL:1m;
    	ssl_session_timeout  5m;
    
    	ssl_ciphers  HIGH:!aNULL:!MD5;
    	ssl_prefer_server_ciphers  on;
    	# TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them if every client supports TLSv1.2
    	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
    	location / {
    		root   html;
    		index  index.html index.htm;
    	}
    }
    
  5. Reload the nginx configuration: ./nginx -s reload

  6. Start nginx: ./nginx
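
Checks worth scripting between editing nginx.conf (step 4) and reloading (step 5), as an added example that is not part of the original post: it confirms the SSL module, reports deprecated values in ssl_protocols, verifies that the certificate and private key belong together, then runs nginx -t. The function names are hypothetical, and the default paths are assumed from the configuration above.

```sh
#!/bin/sh
# Added example: pre-reload checks. Default paths are assumed from this page's
# config; override them through the environment. Function names are hypothetical.
NGINX=${NGINX:-/usr/local/nginx/sbin/nginx}
CONF=${CONF:-/usr/local/nginx/conf/nginx.conf}
CERT=${CERT:-/usr/local/nginx/cert/1_xxx.com.cn_bundle.crt}
KEY=${KEY:-/usr/local/nginx/cert/2_xxx.com.cn.key}

# Succeeds if the `nginx -V` text on stdin lists the HTTP SSL module.
has_ssl_module() {
    grep -q -e '--with-http_ssl_module'
}

# Prints, one per line, each deprecated protocol that an ssl_protocols
# directive in the given file enables. Line-based: comments are stripped and
# the directive is expected to sit on a single line.
deprecated_protocols() {
    sed 's/#.*//' "$1" | awk '
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i
                sub(/;$/, "", p)
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") { print p }
            }
        }' | sort -u
}

# Succeeds if the first certificate in the bundle (the server certificate) and
# the private key carry the same public key. Returns 2 if either cannot be read.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Runs every check, then lets nginx validate the configuration itself.
preflight() {
    "$NGINX" -V 2>&1 | has_ssl_module || { echo "http_ssl_module missing" >&2; return 1; }
    weak=$(deprecated_protocols "$CONF")
    [ -z "$weak" ] || echo "warning: deprecated protocols enabled:" $weak >&2
    cert_matches_key "$CERT" "$KEY" || { echo "certificate/key mismatch" >&2; return 1; }
    "$NGINX" -t
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with `--run` before `./nginx -s reload`; a non-zero exit means the reload should not go ahead.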