产生证书文件:
openssl genrsa -des3 -out jack.key 2048
openssl req -new -key jack.key -out jack.csr
openssl req -new -x509 -days 3650 -key jack.key -out jack.crt
#passwd: passphrase
启动nginx 免密码,要重新 生成key文件
openssl rsa -in jack.key -out jack.key.passfree
nginx 配置:
server{
listen 443 ssl;
rewrite_log on;
ssl_certificate ××××/key/jack.crt;
ssl_certificate_key ××××/key/key_passfree/jack.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
}
#把 原来http 端口的请求 重定向到443 端口
server {
listen *:9999;
return 301 https://192.168.1.224$request_uri;
}
如果要同时支持 http 和https 则 复制一份 server
Nginx https 支持
猜你喜欢
转载自jacklin2015.iteye.com/blog/2353320
今日推荐
周排行