Nginx安裝HTTP SSL模塊基本配置

時間 2019-11-12

標籤 nginx 安裝 http ssl 模塊基本配置欄目 Nginx 简体版

原文原文鏈接

1、編譯安裝

[root@bogon nginx-1.6.2]# ./configure --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module --with-http_gzip_static_module
[root@bogon nginx-1.6.2]# make
[root@bogon nginx-1.6.2]# make install

nginx默認安裝在 /usr/local/目錄下。html

2、生成SSL證書

[root@bogon ssl]# openssl req -new -key junglone.com.key -out junglone.com.csr
Enter pass phrase for junglone.com.key:
You are about to be asked to enter information that will be incorporated
  to your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:China
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:junglone.com
Organizational Unit Name (eg, section) []:junglone.com
Common Name (eg, your name or your server's hostname) []:junglone.com
Email Address []:admin@junglone.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@bogon ssl]# openssl rsa -in junglone.com.key -out junglone.com_nopass.key
Enter pass phrase for junglone.com.key:
writing RSA key
[root@bogon ssl]# ls
junglone.com.csr  junglone.com.key  junglone.com_nopass.key
[root@bogon ssl]# ll
總用量 12
-rw-r--r-- 1 root root 716 7月  22 13:17 junglone.com.csr
-rw-r--r-- 1 root root 891 7月  22 13:18 junglone.com.key
-rw-r--r-- 1 root root 963 7月  22 13:17 junglone.com_nopass.key
[root@bogon ssl]#

按照以上方式自行頒發的SSL證書是不受瀏覽器信任的。推薦使用受瀏覽器信任的StartSSL免費SSL證書。nginx

申請地址：https://startssl.com瀏覽器

3、Nginx配置

server {
        listen       443 ssl;
        server_name  localhost;

        ssl on;

        ssl_certificate /usr/local/nginx/ssl/1_junglone.com_bundle.crt;
        ssl_certificate_key /usr/local/nginx/ssl/junglone.com_nopass.key;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }