nginx中ssl模块

nginx的http的ssl模块

Module ngx_http_ssl_moduleTo reduce the processor load it is recommended to   .set the number of worker processes equal to the number of processors,   .enable keep-alive connections,   .enable the shared session cache,   .disable the built-in session cache,   .and possibly increase the session lifetime (by default, 5 minutes)

Example

worker_processes auto;http {...server {    listen              443 ssl;    keepalive_timeout   70;    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;    ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;    ssl_certificate     /usr/local/nginx/conf/cert.pem;    ssl_certificate_key /usr/local/nginx/conf/cert.key;    ssl_session_cache   shared:SSL:10m;    ssl_session_timeout 10m;    ...}

Example

一、生成证书# 1、首先，进入你想创建证书和私钥的目录，例如： cd /etc/nginx/# 2、创建服务器私钥，命令会让你输入一个口令：openssl genrsa -des3 -out server.key 1024# 3、创建签名请求的证书（CSR）：openssl req -new -key server.key -out server.csr# 4、在加载SSL支持的Nginx并使用上述私钥时除去必须的口令：cp server.key server.key.orgopenssl rsa -in server.key.org -out server.key# 5、最后标记证书使用上述私钥和CSR：openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt二、配置http跳转    server {        listen       443 ssl;        ssl_certificate      /etc/nginx/server.crt;        ssl_certificate_key  /etc/nginx/server.key;        ssl_session_timeout  5m;        location / {            root   html;        }    }    server {        listen       80;        location ~ /services/.*$ {            if ($server_port ~ "^80$"){                set $rule_0 1$rule_0;            }            if ($rule_0 = "1"){                rewrite /(.*) https://IP地址/$1 permanent;                 }        }    }浏览器当访问http://ip/test地址跳转到https://ip/test

参考：
http://blog.csdn.net/weixin_35884835/article/details/52588157
http://www.linuxidc.com/Linux/2013-05/84477p2.htm