|
Nginx配置https服务 检查nginx是否支持配置:/usr/sbin/nginx -V
证书生成 1、免费证书可使用阿里云申请获取 2、本地生成证书配置
本地证书生成
ubuntu: sudo apt-get install libssl-dev centos: yum install openssl yum install openssl-devel
1进入证书目录 cd /etc/nginx/sslkey
2创建本地私有密钥 openssl genrsa -out ssl.key 2048
3按提示输入即可 openssl req -new -key ssl.key -out ssl.csr
4创建证书crt openssl x509 -req -days 1460 -in ssl.csr -signkey ssl.key -out ssl.crt
5创建证书pem openssl dhparam -out ssl.pem 2048
Nginx配置文件 server { listen 80; return 301 https://$host$request_uri; } server { listen 443; ssl_certificate /etc/nginx/sslkey/ssl.crt; ssl_certificate_key /etc/nginx/sslkey/ssl.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; }
/usr/sbin/nginx -t
/usr/sbin/nginx -s reload
|
|
|
