nginx 配飾ssl證書
阿新 • • 發佈:2020-11-05
1、443埠配置
server {
listen 443 ssl;
server_name www.test.com;
ssl_certificate /usr/local/nginx/cert/test.pem;
ssl_certificate_key /usr/local/nginx/cert/test1.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
……
}
2、80埠轉443埠
server{ listen 80; server_name www.test.com; rewrite ^(.*)$ https://$host$1 permanent; }
3、其他埠支援https配置
server { listen 8101 ssl; server_name 127.0.0.1; # 預設首頁 index index.html; ssl_certificate /usr/local/nginx/cert/test.pem; ssl_certificate_key /usr/local/nginx/cert/test1.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }
備註:
1、test.key檔案生成時可能會被加密碼,nginx每次啟動都需要輸入密碼,這時候需要轉成無密碼檔案,執行下面命令會讓輸入密碼,輸入密碼後操作完成
openssl rsa -in test.key -out test1.key
2、如果拿到的是cer檔案可以用下面命令來轉換成pem檔案
openssl x509 -in test.cer -out test.pem