Ubuntu下配置Nginx HTTPS

在安装redmine的时候考虑到安全性的问题，所以决定使用nginx配置https连接。

如何安装redmine：http://blog.csdn.net/marujunyy/article/details/8865857

下面记录下Nginx配置HTTPS的方法：

1、首先确认Nginx支持OpenSSL模块 :     sudo  /opt/nginx/sbin/nginx  -V

nginx version: nginx/1.4.0built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) TLS SNI support enabledconfigure arguments: --prefix=/opt/nginx --with-http_ssl_module --with-http_gzip_static_module --with-cc-opt=-Wno-error --with-pcre=/tmp/root-passenger-19175/pcre-8.31 --add-module=/var/lib/gems/1.8/gems/passenger-3.0.19/ext/nginx

如果没有发现–with-http_ssl_module这个编译参数，说明不支持。Nginx默认是不支持SSL的，需要加入–with-http_ssl_module参数重新编译。

2、生成自签名证书：      sudo apt-get install openssl

cd /opt/nginx/confsudo openssl genrsa -des3 -out server.key 1024sudo openssl req -new -key server.key -out server.csrsudo openssl rsa -in server.key -out server_nopwd.keysudo openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt

我只在第一步生成server.key的时候设置了密码。我为了省事除了在需要验证密码的时候需要输入第一步设置的密码外，在其他的地方一路回车。当然你也可以输入详细的信息：

proto@ubuntu:~$ sudo openssl req -new -key server.key -out server.csrEnter pass phrase for server.key:   ←输入第一步中生成server.key时设置的密码You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:CN　←输入国家代码State or Province Name (full name) [Some-State]:CHONGQING　← 输入省名Locality Name (eg, city) []:CHONGQING　←输入城市名Organization Name (eg, company) [Internet Widgits Pty Ltd]:MIKE　← 输入公司名Organizational Unit Name (eg, section) []:MIKE　← 输入组织单位名Common Name (eg, YOUR name) []:www.mike.me　← 输入主机名Email Address []:easylife206@gmail.com　←输入电子邮箱地址

3、配置Nginx HTTPS访问：

   server {        listen       443;        server_name  192.168.1.112;        root /srv/www;        index index.php index.html index.htm;       location /redmine {           root /var;           passenger_enabled   on;           passenger_base_uri  /redmine;        }        location /phpmyadmin {           alias  /srv/www/phpmyadmin;        }        location ~ \.php$ {            fastcgi_pass   127.0.0.1:9000;            fastcgi_index  index.php;            fastcgi_param  SCRIPT_FILENAME  /srv/www/$fastcgi_script_name;            include        fastcgi_params;        }        ssl                  on;        ssl_certificate      /opt/nginx/conf/server.crt;        ssl_certificate_key  /opt/nginx/conf/server_nopwd.key;        rails_spawn_method smart;        rails_app_spawner_idle_time 0;        rails_framework_spawner_idle_time 0;        client_max_body_size 120m;    }

OK,然后我们重新加载下nginx配置文件：  sudo  /opt/nginx/sbin/nginx  -s  reload

现在我们输入：https://serverIP/redmine/login  就可以访问了：