nginx添加ssl证书认证
让nginx支持ssl证书认证首先安装上openssl,然后执行以下命令:
openssl genrsa -out sim.key 1024 openssl req -new -key sim.key -out sim.csr openssl x509 -req -days 365 -in sim.csr -signkey sim.key -out mall.crt
这样就已经生成完密钥和证书,然后再nginx相应的server配置中加入:
ssl on; ssl_certificate ssl_key/sim.crt; ssl_certificate_key ssl_key/sim.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on;
配置完之后重启nginx即可.如果需要把http直接跳转到https的话需要在配置文件中加入:
if ($server_port ~ "^80$") { set $rule_0 1$rule_0; } if ($rule_0 = "1") { rewrite /(.*) https://yourdomain.com/$1permanent; break; }
