nginx之https配置

参考文章：http://blog.csdn.net/weixin_35884835/article/details/52588157

1.在配置https之前，请先确认是否已经安装openssl

[root@localhost conf]# openssl version -a

出现以下情况，则表示该openssl已经安装，且较为安全(bult在2014之后的)

built on: Tue Sep 27 13:37:25 UTC 2016platform: linux-x86_64options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASMOPENSSLDIR: "/etc/pki/tls"engines:  dynamic 

若是未安装openssl，则执行以下命令

[root@localhost conf]# yum install openssl

再次进行升级

[root@localhost conf]# yum install openssl

2.生成证书

进入nginx所在目录

[root@localhost conf]# cd /usr/local/nginx/

创建服务器私钥，按要求填写即可

openssl genrsa -des3 -out server.key 1024

在加载SSL支持的Nginx并使用上述私钥时除去必须的口令

[root@localhost conf]# cp server.key server.key.org

[root@localhost conf]# cp server.key server.key.org

最后标记证书使用上述私钥和CSR

[root@localhost conf]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

3.配置nginx.conf，在http{}中配置即可，
[root@localhost conf]# vim nginx.conf
  #  # HTTPS server configuration  #  server {    listen       443;    server_name  192.168.100.169;  #  server {    listen       443;    server_name  192.168.100.169;    ssl                  on;    ssl_certificate      /usr/local/nginx/server.crt;    ssl_certificate_key  /usr/local/nginx/server.key;    ssl_session_timeout  5m;    #    ssl_protocols  SSLv2 SSLv3 TLSv1;    #    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;    #    ssl_prefer_server_ciphers   on;    location / {      root   /data/wwwroot/default;      index  testssl.html index.html index.htm index.php;      proxy_redirect off;      proxy_set_header Host $host;      proxy_set_header X-Real-IP $remote_addr;      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;      proxy_pass http://192.168.100.169/;    }    location ~ /services/.*$ {        if ($server_port ~ "^80$"){            set $rule_0 1$rule_0;        }        if ($rule_0 = "1"){            rewrite /(.*) https://192.168.100.169/$1 permanent;                       break;        }    }  }

4.访问https://IP地址(https://192.168.100.169),成功的话，如下图所示: