Configuring HTTPS in nginx [Repost]
Axin • Published: 2019-02-17
For nginx to support SSL, it must be compiled with --with-http_ssl_module, for example:
./configure --with-http_ssl_module
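# cd /usr/local/nginx/conf
# mkdir ssl
# cd ssl
Generate a private key. Use at least 2048 bits; 1024-bit RSA keys are no longer considered secure:
# openssl genrsa -des3 -out aoshiwei.com.key 2048
You will be prompted for a passphrase.
Generate the CSR (Certificate Signing Request) file:
# openssl req -new -key aoshiwei.com.key -out aoshiwei.com.csr
Fill in the certificate fields (organization, domain name, and so on); set Common Name to the domain name.
Remove the passphrase from the key so that nginx can start without prompting for it. The resulting key file is unencrypted, so keep it readable only by root:
# cp aoshiwei.com.key aoshiwei.com.key.bak
# openssl rsa -in aoshiwei.com.key.bak -out aoshiwei.com.key
Self-sign the certificate with that key, valid for 365 days:
# openssl x509 -req -days 365 -in aoshiwei.com.csr -signkey aoshiwei.com.key -out aoshiwei.com.crt
Add the following to nginx.conf: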
    server {
        ### server port and name ###
        # The ssl parameter of listen enables TLS; the separate "ssl on;"
        # directive is obsolete.
        listen 443 ssl;
        server_name member.aoshiwei.com;

        ### SSL log files ###
        access_log logs/ssl-access.log;
        error_log logs/ssl-error.log;

        ### SSL cert files ###
        ssl_certificate ssl/aoshiwei.com.crt;
        ssl_certificate_key ssl/aoshiwei.com.key;

        ### Add SSL specific settings here ###
        keepalive_timeout 60;

        ### Limiting Ciphers ########################
        # Uncomment as per your setup
        #ssl_ciphers HIGH:!ADH;
        #ssl_prefer_server_ciphers on;
        # SSLv3 is broken and must stay disabled
        #ssl_protocols TLSv1.2 TLSv1.3;
        ##############################################

        ### We want full access to SSL via backend ###
        location / {
            proxy_pass http://member.aoshiwei.com;

            ### Force timeouts if one of the backends has died ###
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

            ### Set headers ###
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            ### Most PHP, Python, Rails, Java apps can use this header ###
            proxy_set_header X-Forwarded-Proto https;

            ### By default we don't want to redirect it ###
            proxy_redirect off;
        }
    }
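
The key and certificate steps above as a non-interactive script with a 2048-bit key, plus checks worth running before nginx loads the files named in ssl_certificate and ssl_certificate_key. This is an added example, not part of the original post: the function names, the example.test domain and the scratch directory are assumptions, and it skips the passphrase because the procedure removes it anyway.

```shell
#!/bin/sh
# Added example: example.test and all paths are constructed placeholders.

# make_selfsigned DOMAIN DIR: writes DIR/DOMAIN.key, .csr and .crt
make_selfsigned() {
    domain=$1; dir=$2
    mkdir -p "$dir" || return 1
    # umask 077: the unencrypted key is created readable by its owner only
    ( umask 077; openssl genrsa -out "$dir/$domain.key" 2048 2>/dev/null ) || return 1
    # -subj answers the interactive prompts; Common Name is the domain
    openssl req -new -key "$dir/$domain.key" -subj "/CN=$domain" \
        -out "$dir/$domain.csr" 2>/dev/null || return 1
    openssl x509 -req -days 365 -in "$dir/$domain.csr" \
        -signkey "$dir/$domain.key" -out "$dir/$domain.crt" 2>/dev/null
}

# rsa_bits KEY: prints the RSA modulus size in bits
rsa_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# key_matches_cert KEY CRT: succeeds only if both carry the same public key
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# ready_for_nginx KEY CRT: key size, key/certificate match, and expiry
ready_for_nginx() {
    bits=$(rsa_bits "$1")
    [ "${bits:-0}" -ge 2048 ] || { echo "key too small: ${bits:-?} bits" >&2; return 1; }
    key_matches_cert "$1" "$2" || { echo "key and certificate do not match" >&2; return 1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; return 1; }
}

# Demo on constructed input in a scratch directory
tmp=$(mktemp -d) && make_selfsigned example.test "$tmp" &&
    ready_for_nginx "$tmp/example.test.key" "$tmp/example.test.crt" &&
    echo "key and certificate are consistent"
rm -rf "$tmp"
```

After the files pass these checks, `nginx -t` validates the configuration that references them before a reload.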