Ge Tingbin's Study Blog

Notes on problems encountered in study and work

HTTPS configuration

 

[root@localhost ~]# vi /etc/nginx/nginx.conf
[root@localhost ~]#chmod -R 777 /mnt
[root@localhost ~]#service nginx restart
[root@localhost ~]#mkdir /home/ssl
[root@localhost ~]#chmod -R 700 /home/ssl    # directory holds the private key, so restrict it to root
[root@localhost ~]#cd /home/ssl

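[root@localhost ssl]#openssl genrsa -des3 -out server.key 2048  # Create the server private key (2048-bit; 1024-bit RSA is no longer considered secure). The command prompts for a passphrase.
Create the certificate signing request (CSR):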
[root@localhost ssl]# openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [XX]:ch                                            # country name (2-letter code)
State or Province Name (full name) []:shandong                                # state or province name (full name)
Locality Name (eg, city) [Default City]:jinan                                    # locality name (e.g. city)
Organization Name (eg, company) [Default Company Ltd]:shandongdaxiang            # organization name (e.g. company)
Organizational Unit Name (eg, section) []:diaoyouhui                            # organizational unit name (e.g. section)
Common Name (eg, your name or your server's hostname) []: diaoyouhui.cn       # common name (your name or your server's hostname)
Email Address []:getingbin@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:

Remove the passphrase from the private key, so that Nginx with SSL support can load the key without prompting for it:
[root@localhost ssl]#cp server.key server.key.org
[root@localhost ssl]#openssl rsa -in server.key.org -out server.key

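Configure nginx
Finally, sign the certificate using the private key and CSR created above:
[root@localhost ssl]#openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Edit the Nginx configuration file so that it includes the newly signed certificate and the private key: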
[root@localhost ]# vi /etc/nginx/nginx.conf


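server
{
        listen       443 ssl;              # "listen ... ssl" replaces the deprecated "ssl on;"
        server_name  www.diaoyouhui.cn;
        index index.php index.html index.htm;
        root  /home/www;
        server_tokens off;
        access_log  /var/log/nginx/haoyue_access.log;

        # Certificate and key generated in /home/ssl by the steps above
        ssl_certificate /home/ssl/server.crt;
        ssl_certificate_key /home/ssl/server.key;
        ssl_session_timeout  5m;
        # SSLv2, SSLv3 and TLSv1 are obsolete; TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+
        ssl_protocols  TLSv1.2 TLSv1.3;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
}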


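[root@localhost ~]#service iptables stop    # Stop the firewall (opening only TCP ports 80 and 443 is the safer alternative)
[root@localhost ~]#service nginx restart   # Restart nginx
The site can now be reached at:
https://diaoyouhui.cn
You can also add the following block to redirect port 80 to 443: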
server {
    listen 80;
    server_name diaoyouhui.cn;
    # $1 carries the requested path over to the HTTPS URL
    rewrite ^(.*) https://diaoyouhui.cn$1 permanent;
}
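
An added check, not part of the original post: a shell function that scans an nginx configuration for the TLS settings this procedure touches. It reports protocol versions older than TLSv1.2 on ssl_protocols lines, the deprecated "ssl on;" directive, and an HTTPS rewrite that discards the requested path. The function name audit_nginx_tls and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# audit_nginx_tls FILE  (hypothetical helper, added example)
# Prints "<line>: <finding>" for each issue; returns 1 if any were found.
audit_nginx_tls() {
    awk '
    { sub(/#.*/, "") }   # drop comments; a "#" inside a quoted value is not handled
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                printf "%d: weak protocol %s in ssl_protocols\n", NR, p; bad = 1
            }
        }
    }
    $1 == "ssl" && $2 ~ /^on;?$/ {
        printf "%d: \"ssl on;\" is deprecated, use \"listen 443 ssl;\"\n", NR; bad = 1
    }
    $1 == "rewrite" && /https:\/\// && !/[$](1|uri|request_uri)/ {
        printf "%d: HTTPS redirect drops the requested path\n", NR; bad = 1
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample configuration (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443;
    ssl on;
    ssl_protocols SSLv3 TLSv1 TLSv1.2;   # legacy clients
}
server {
    listen 80;
    rewrite ^(.*) https://example.test permanent;
}
EOF
audit_nginx_tls "$sample" || echo "fix the findings above before restarting nginx"
rm -f "$sample"
```

Run it as audit_nginx_tls /etc/nginx/nginx.conf before "service nginx restart"; a zero exit status means none of the three patterns were found.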