[root@localhost #]# vi /etc/nginx/nginx.conf
[root@localhost ~]#chmod -R 777 /mnt
[root@localhost ~]#service nginx restart
[root@localhost ~]#mkdir /home/ssl
[root@localhost ~]#chmod -R 777 /home/ssl
[root@localhost ~]#cd /home/ssl
[root@localhost ssl]#openssl genrsa -des3 -out server.key 1024 #创建服务器私钥,命令会让你输入一个口令:
创建签名请求的证书(CSR):
[root@localhost ssl]# openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [XX]:ch #国家名称(2个字母代码
State or Province Name (full name) []:shandong #州或省名称(全名)
Locality Name (eg, city) [Default City]:jinan #地点名称(例如,城市)[默认城市]
Organization Name (eg, company) [Default Company Ltd]:shandongdaxiang #组织名称(例如,公司)
Organizational Unit Name (eg, section) []:diaoyouhui #组织单位名称(例如,部分)
Common Name (eg, your name or your server''s hostname) []: diaoyouhui.cn #公用名(例如,您的名称或您的服务器的主机名
Email Address []:getingbin@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
在加载SSL支持的Nginx并使用上述私钥时除去必须的口令:
[root@localhost ssl]#cp server.key server.key.org
[root@localhost ssl]#openssl rsa -in server.key.org -out server.key
配置nginx
最后标记证书使用上述私钥和CSR:
[root@localhost ssl]#openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
修改Nginx配置文件,让其包含新标记的证书和私钥:
[root@localhost ]# vi /etc/nginx/nginx.conf
server
{
listen 443;
server_name www.diaoyouhui.cn;
index index.php index.html index.htm;
root /home/www;
server_tokens off;
access_log /var/log/nginx/haoyue_access.log;
ssl on;
ssl_certificate /home/ssl/diaoyouhui.crt;
ssl_certificate_key /home/ssl/diaoyouhui.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
}
[root@localhost ~]#service iptables stop #关闭防火墙
[root@localhost ~]#service nginx restart #重启nginx。
这样就可以通过以下方式访问:
https://diaoyouhui.cn
另外还可以加入如下代码实现80端口重定向到443
server {
listen 80;
server_name diaoyouhui.cn;
rewrite ^(.*) https://diaoyouhui.cn permanent;
}
----------------------------------------------------------------------------------------
http://kong.xiaozaoapp.com/
http://dingding1.xiaozaoapp.com/
http://haoyue1.xiaozaoapp.com/
https://www.diaoyouhui.cn/