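HTTPS support for nginx on CentOS
1. First configure nginx and its other modules; search Google for this, there are many configuration guides.
2. Configure the server certificate. The steps are as follows: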
[root@localhost ~]# cd /etc/pki/tls/certs
[root@localhost certs]# make server.key
umask 77 ; /usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
......................................................++++++
.............++++++
e is 61251 (0x10001)
Enter pass phrase:# set passphrase
Verifying - Enter pass phrase:# confirm
# remove passphrase from private key
[root@localhost certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:# input passphrase
writing RSA key
[root@localhost certs]#
[root@localhost certs]# make server.csr
umask 77 ; /usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN #country
State or Province Name (full name) [e]:Beijing #state
Locality Name (eg, city) [Default City]:Beijing #city
Organization Name (eg, company) [Default Company Ltd]:Test #company
Organizational Unit Name (eg, section) []:Test Haha #department
Common Name (eg, your server's hostname) []:www.test.com #server's FQDN
Email Address []:[email protected] # email address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:# Enter
An optional company name []:# Enter
[root@localhost certs]#
[root@localhost certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=Test/OU=Test Haha/CN=www.test.com,/emailAddress=[email protected]
Getting Private key
[root@localhost certs]# chmod 400 server.*
3. Configure the nginx conf file
On my test machine nginx is installed under /data/server/nginx, and the configuration files are under /data/server/nginx/conf/.
[root@localhost conf]# vi nginx.conf
The SSL part of the configuration is as follows:
server {
    #listen 80;
    listen 80 default_server;
    listen 443 ssl;
    server_name localhost;
    ssl_certificate /etc/pki/tls/certs/server.crt;
    ssl_certificate_key /etc/pki/tls/certs/server.key;
    #charset koi8-r;
    # ... rest of the server block unchanged ...
}
Reload the configuration file.
4. Open port 443 in the iptables firewall that ships with CentOS
[root@localhost conf]# vi /etc/sysconfig/iptables
Add one line:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
Restart the iptables service.
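
The certificate steps from step 2 without the interactive prompts, followed by a check that the certificate and key named in the nginx configuration of step 3 belong together before nginx is reloaded. This is an added example, not part of the original article; the function names, the scratch directory and the 30-day validity used in the demo are assumptions.

```shell
#!/bin/sh
# Added example: step 2 without prompts, plus a check to run before reloading nginx.
# Function names, the scratch directory and the demo values are assumptions.

# Create an unencrypted 2048-bit RSA key, a CSR and a self-signed certificate.
# $1 = output directory, $2 = common name (server FQDN), $3 = validity in days
make_selfsigned() {
    dir=$1; cn=$2; days=${3:-3650}
    (
        umask 077    # files are created owner-only, as "make server.key" does
        openssl genrsa -out "$dir/server.key" 2048 2>/dev/null &&
        openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
            -subj "/C=CN/ST=Beijing/L=Beijing/O=Test/CN=$cn" &&
        openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
            -days "$days" -out "$dir/server.crt" 2>/dev/null &&
        chmod 400 "$dir"/server.*
    )
}

# Succeed (and print "ok") only if:
#   - the key can be read without a passphrase (nginx would otherwise ask for it at start),
#   - the certificate carries the public key that belongs to this private key,
#   - group and others have no permissions on the key file.
check_pair() {
    crt=$1; key=$2
    kpub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "key unreadable or passphrase-protected"; return 1; }
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "certificate unreadable"; return 1; }
    [ "$kpub" = "$cpub" ] || { echo "certificate does not match key"; return 1; }
    perms=$(ls -ld "$key" | cut -c5-10)    # group + other permission bits
    [ "$perms" = "------" ] || { echo "key permissions too open"; return 1; }
    echo ok
}

# Demo in a scratch directory (constructed values).
tmp=$(mktemp -d) &&
    make_selfsigned "$tmp" www.test.com 30 &&
    check_pair "$tmp/server.crt" "$tmp/server.key"
```

On the server itself, check_pair would be pointed at /etc/pki/tls/certs/server.crt and /etc/pki/tls/certs/server.key, the two files referenced by ssl_certificate and ssl_certificate_key.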