nginx配置https
#yum install gcc gcc-c++ openssl openssl-devel
搭建nginx
#useradd www -s /sbin/nologin
#tar -zxf pcre-8.12.tar.gz
#cd pcre-8.12
#./configure
#make && make install
#cd ../nginx-1.7.1
#./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module
#make && make install
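#cd /usr/local/nginx/conf
#openssl genrsa -des3 -out server.key 2048
//Generate a passphrase-protected RSA private key. Use at least 2048 bits: 1024-bit RSA keys are no longer considered secure and are refused by public CAs and by many current TLS stacks
#openssl req -new -sha256 -key server.key -out server.csr
//Create a certificate signing request (CSR), signed with SHA-256
#openssl rsa -in server.key -out server_nopwd.key
//Write a copy of the key without a passphrase so nginx can start without prompting
#chmod 600 server.key server_nopwd.key
//server_nopwd.key is stored unencrypted: keep both key files readable by root only and out of backups and version control
#openssl x509 -req -sha256 -days 365 -in server.csr -signkey server_nopwd.key -out server.crt
//Self-sign the certificate (valid for 365 days). Clients do not trust a self-signed certificate by default; use it for testing or internal hosts, and a CA-issued certificate for public sites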
配置nginx虚拟主机:
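# HTTPS virtual host for www.localhost.com: serves static files and passes PHP to FastCGI on 127.0.0.1:9000.
server {
    # "listen ... ssl" enables TLS on this socket. It replaces the older
    # "ssl on;" directive, which recent nginx releases no longer accept.
    listen 443 ssl;
    server_name www.localhost.com;
    index index.php index.html;
    root /data/htdocs/localhost;

    # Certificate and key as generated by the openssl steps in /usr/local/nginx/conf.
    # server_nopwd.key carries no passphrase: keep it mode 600 and owned by root.
    ssl_certificate /usr/local/nginx/conf/server.crt;
    ssl_certificate_key /usr/local/nginx/conf/server_nopwd.key;
    ssl_session_timeout 5m;

    # Author's cipher preference with 3DES additionally excluded (64-bit block cipher).
    # NOTE(review): the list still admits AES suites without forward secrecy; tighten to
    # ECDHE-only AEAD suites if all clients support them.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!3DES;

    # TLS 1.0 and 1.1 are deprecated and are left disabled. Add TLSv1.3 here once the
    # installed nginx and OpenSSL builds support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    location ~ \.php {
        # Split "/script.php/extra" into script name and PATH_INFO.
        fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;

        # Only hand the request to PHP when the resolved script is a real file under the
        # document root. Without this check a URI such as "/upload/pic.jpg/x.php" can make
        # PHP interpret a non-PHP (for example, uploaded) file.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    }

    # Long client-side cache lifetime for images and Flash files.
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires 30d;
    }

    # Shorter cache lifetime for scripts and stylesheets.
    location ~ .*\.(js|css)?$ {
        expires 1h;
    }

    # "www" names a log_format; it is not defined in this block and presumably lives in
    # the http {} context — confirm it exists, or nginx will refuse to start.
    access_log /data/logs/www/localhost_access.log www;
    error_log /data/logs/www/localhost_error.log;
}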
将80端口跳转到443端口
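# Plain-HTTP virtual host: its only job is to send every request to the HTTPS site.
server {
    listen 80;
    server_name www.localhost.com;

    # Permanent redirect that keeps the original path and query string. The target host
    # is written out rather than taken from the client-supplied Host header, so the
    # redirect cannot be pointed at another site.
    # The first request still travels over plain HTTP; once a trusted certificate is in
    # place, an HSTS header on the HTTPS host closes that gap for returning browsers.
    return 301 https://www.localhost.com$request_uri;
}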