溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
這篇文章主要講解了“Centos下nginx配置https證書的操作步驟”,文中的講解內容簡單清晰,易于學習與理解,下面請大家跟著小編的思路慢慢深入,一起來研究和學習“Centos下nginx配置https證書的操作步驟”吧!
1、首先配置nginx及其他插件,這個Google下,很多配置方案。
2、配置服務器的證書。操作步驟如下:
[root@localhost ~]# cd /etc/pki/tls/certs
[root@localhost certs]# make server.key
umask 77 ;
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
......................................................++++++
.............++++++
e is 61251 (0x10001)
Enter pass phrase:# set passphrase
Verifying - Enter pass phrase:# confirm
# remove passphrase from private key
[root@localhost certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:# input passphrase
writing RSA key
[root@localhost certs]#
[root@localhost certs]# make server.csr
umask 77 ;
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN #country
State or Province Name (full name) [e]:Beijing #state
Locality Name (eg, city) [Default City]:Beijing #city
Organization Name (eg, company) [Default Company Ltd]:Test #company
Organizational Unit Name (eg, section) []:Test Haha #department
Common Name (eg, your server's hostname) []:www.test.com #server's FQDN
Email Address []:admin@test.com # email address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:# Enter
An optional company name []:# Enter
[root@localhost certs]#
[root@localhost certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=Test/OU=Test Haha/CN=www.test.com,/emailAddress=admin@test.com
Getting Private key
[root@localhost certs]# chmod 400 server.*
3、配置nginx的conf文件
#server {
# listen 80;
# server_name happy.cc.com;
# rewrite ^(.*)$ permanent;
# }
server {
listen 80;
listen 443 ssl;
server_name happy.cc.com;
location / {
root /data/www/cloud;
index index.html;
}
ssl on;
ssl_certificate /data/webserver/nginx/conf/server.crt;
ssl_certificate_key /data/webserver/nginx/conf/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
#autoindex on;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location ~ .php$ {
root /data/www/cloud;
fastcgi_pass unix:/tmp/php-cgi.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www/cloud$fastcgi_script_name;
include fastcgi_params;
}
location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*.(js|css)?$
{
expires 1h;
}
access_log /data/log/nginx/happy.access.log access;
error_log /data/log/nginx/happy.error.log warn;
}
4、打開iptables的443端口
感謝各位的閱讀,以上就是“Centos下nginx配置https證書的操作步驟”的內容了,經過本文的學習后,相信大家對Centos下nginx配置https證書的操作步驟這一問題有了更深刻的體會,具體使用情況還需要大家實踐驗證。這里是億速云,小編將為大家推送更多相關知識點的文章,歡迎關注!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
