nginx启用ssl【nginx】
来源:互联网 发布:南京栖霞网络问政 编辑:程序博客网 时间:2024/06/07 22:59
作者:【吴业亮】云计算开发工程师
博客:http://blog.csdn.net/wylfengyujiancheng
1、制作ssl证书
# cd /etc/pki/tls/certs# make server.keyumask 77 ; \/usr/bin/openssl genrsa -aes128 2048 > server.keyGenerating RSA private key, 2048 bit long modulus......e is 65537 (0x10001)Enter pass phrase:# 输入密码Verifying - Enter pass phrase:#确认# 从private key 中删除密码# openssl rsa -in server.key -out server.keyEnter pass phrase for server.key:# input passphrasewriting RSA key# make server.csrumask 77 ; \/usr/bin/openssl req -utf8 -new -key server.key -out server.csrYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [XX]:CN# 国家State or Province Name (full name) []:shanghai # 省Locality Name (eg, city) [Default City]: shanghai # 市Organization Name (eg, company) [Default Company Ltd]:openstack # 公司Organizational Unit Name (eg, section) []:Server World # 部门Common Name (eg, your name or your server's hostname) []:www.srv.world # 主机名Email Address []:xxx@srv.world # 邮箱Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:#回车An optional company name []:# Enter# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650Signature oksubject=/C=CN/ST=shanghai/L=shanghai/O=openstack/OU=computer/CN=www.openstack.com/emailAddress=example@openstack.comGetting Private key
2、修改配置文件 /etc/nginx/nginx.conf
# 在"server" 章节加入 server { listen 80 default_server; listen [::]:80 default_server; listen 443 ssl; server_name www.srv.world; root /usr/share/nginx/html; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE+RSAGCM:ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL!eNull:!EXPORT:!DES:!3DES:!MD5:!DSS; ssl_certificate /etc/pki/tls/certs/server.crt; ssl_certificate_key /etc/pki/tls/certs/server.key;
4、重启服务
# systemctl restart nginx
配置防火墙
# firewall-cmd --add-service=https --permanent # firewall-cmd --reload
0 0
- nginx启用ssl【nginx】
- 【WDCP-Nginx】启用ssl证书
- nginx配置SSL启用HTTPS
- Nginx(Https) + Tomcat 启用 Https(SSL) 支持
- nginx启用ssl模块以支持https
- windows系统Nginx使用SSL 启用HTTPS
- nginx启用Userdir【nginx】
- nginx启用虚拟主机【nginx】
- nginx ssl
- Nginx ssl
- 在nginx上启用http2,开启ssl,开启HSTS
- 启用Nginx状态监控
- nginx启用php
- nginx信息功能启用
- 启用Nginx状态监控
- nginx https ssl
- nginx ssl 登陆配置
- nginx ssl 配置
- SSH框架搭建
- 零xml配置SpringMVC返回json数据
- 第一章安装OpenResty(Nginx+Lua)开发环境
- [时间序列分析][5]--非平稳时间序列模型与差分
- ZOJ 2224 Investment (完全背包)
- nginx启用ssl【nginx】
- OpenCV2学习(1)——显示图像
- Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.2:compile (default-compile)
- Python读写文件、对文件操作系统的操作
- Vuex学习笔记
- 数据结构OJ作业 二叉树
- mysql捕捉异常
- form表单中的input有哪些类型及其用途
- nginx启用Userdir【nginx】