nginx https

nginx ssl模块

[root@localhost nginx]# ./sbin/nginx -V
nginx version: nginx/1.16.1
configure arguments: --prefix=/data/app/nginx --with-http_ssl_module
#验证部署的nginx包换http_ssl_module。不然无法使用https

　　

SSL证书

获取的证书包含公共(. crt ) 和私有(. key ) 部分

然后放在服务器上的/dir/cert目录下

 

nginx配置

server {
        listen 443 ssl;
        server_name x.x.com;
	ssl_certificate /root/cert/pem;
        ssl_certificate_key /root/cert/key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        access_log  /data/...;
        root /data/app/nginx;

        location / {
        proxy_pass http://...;
        }
}