nginx配置ssl注意事项

最近有个项目需要在nginx上配置ssl具体实施部署方法如下:
创建nginx证书配置目录

#mkdir -p /usr/local/nginx/conf/ssl

进入nginx配置文件目录/usr/local/nginx/ssl

#cd /usr/local/nginx/conf/ssl

在服务器上生成私钥

#openssl genrsa -out server.key 2048

生成csr文件

#openssl req -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:  自己需要ssl的域名
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

生成好csr文件后需要把这个文件提交给证书供应商让他们颁发证书。
证书颁发好之后需要把证书文件(server.cer)、server.key、server.csr这三个文件放到nginx ssl配置目录中
“/usr/local/nginx/conf/ssl“
在nginx.conf里配置ssl
server {
listen 443;
server_name www.xxx.com;
ssl on;
ssl_certificate /usr/local/nginx/conf/server.cer;
ssl_certificate_key /usr/local/nginx/conf/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / { root html; index index.html index.htm; }

}
重启nginx
爱慕尔商城
服装搭配
城市物语
穿衣搭配博客
服装搭配博客