Centos下nginx配置https证书的操作步骤

60次阅读
没有评论

共计 3159 个字符,预计需要花费 8 分钟才能阅读完成。

这篇文章主要讲解了“Centos 下 nginx 配置 https 证书的操作步骤”,文中的讲解内容简单清晰,易于学习与理解,下面请大家跟着丸趣 TV 小编的思路慢慢深入,一起来研究和学习“Centos 下 nginx 配置 https 证书的操作步骤”吧!

1、首先配置 nginx 及其他插件,这个 Google 下,很多配置方案。

2、配置服务器的证书。操作步骤如下:

[root@localhost ~]# cd /etc/pki/tls/certs 

[root@localhost certs]# make server.key 

umask 77 ;

/usr/bin/openssl genrsa -aes128 2048 server.key

Generating RSA private key, 2048 bit long modulus

………………………………………………++++++

………….++++++

e is 61251 (0x10001)

Enter pass phrase:# set passphrase

Verifying – Enter pass phrase:# confirm

# remove passphrase from private key

[root@localhost certs]# openssl rsa -in server.key -out server.key 

Enter pass phrase for server.key:# input passphrase

writing RSA key

[root@localhost certs]#

[root@localhost certs]# make server.csr 

umask 77 ;

/usr/bin/openssl req -utf8 -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter . , the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN #country

State or Province Name (full name) [e]:Beijing   #state

Locality Name (eg, city) [Default City]:Beijing  #city

Organization Name (eg, company) [Default Company Ltd]:Test   #company

Organizational Unit Name (eg, section) []:Test Haha   #department

Common Name (eg, your server s hostname) []:www.test.com   #server s FQDN

Email Address []:admin@test.com # email address

Please enter the following extra attributes

to be sent with your certificate request

A challenge password []:# Enter

An optional company name []:# Enter

[root@localhost certs]#

[root@localhost certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

Signature ok

subject=/C=CN/ST=Beijing/L=Beijing/O=Test/OU=Test Haha/CN=www.test.com,/emailAddress=admin@test.com 

Getting Private key

[root@localhost certs]# chmod 400 server.*

3、配置 nginx 的 conf 文件

#server {

#       listen 80;

#       server_name happy.cc.com;

#       rewrite ^(.*)$  permanent;

#      }

server {

       listen 80;

       listen 443 ssl;

       server_name happy.cc.com;

       location / {

       root   /data/www/cloud;

       index  index.html;                                                                                                                                                                                                                  

       }

       ssl on;

       ssl_certificate /data/webserver/nginx/conf/server.crt;

       ssl_certificate_key /data/webserver/nginx/conf/server.key;

       ssl_session_timeout 5m;

       ssl_protocols  SSLv3 TLSv1;

       ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

       ssl_prefer_server_ciphers   on;

       #autoindex on;

       location = /favicon.ico {

       log_not_found off;

       access_log off;

       }

       location ~ .php$ {

       root           /data/www/cloud;

       fastcgi_pass   unix:/tmp/php-cgi.sock;

       #fastcgi_pass   127.0.0.1:9000;

       fastcgi_index  index.php;

       fastcgi_param  SCRIPT_FILENAME  /data/www/cloud$fastcgi_script_name;

       include        fastcgi_params;

       }

       location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$

       {

       expires 30d;

       }

       location ~ .*.(js|css)?$

       {

       expires 1h;

       }

      access_log /data/log/nginx/happy.access.log access;

      error_log /data/log/nginx/happy.error.log warn;

     }

4、打开 iptables 的 443 端口

感谢各位的阅读,以上就是“Centos 下 nginx 配置 https 证书的操作步骤”的内容了,经过本文的学习后,相信大家对 Centos 下 nginx 配置 https 证书的操作步骤这一问题有了更深刻的体会,具体使用情况还需要大家实践验证。这里是丸趣 TV,丸趣 TV 小编将为大家推送更多相关知识点的文章,欢迎关注!

正文完
 
丸趣
版权声明:本站原创文章,由 丸趣 2023-07-28发表,共计3159字。
转载说明:除特殊说明外本站除技术相关以外文章皆由网络搜集发布,转载请注明出处。
评论(没有评论)