nginx配置https【转】
2017-08-10 13:24
309 查看
nginx要实现ssl,在编译时要添加--with-http_ssl_module,如:
./configure --with-http_ssl_module
#cd /usr/local/nginx/conf
#mkdir ssl
#cd ssl
生成一个私有key
# openssl genrsa -des3 -out aoshiwei.com.key 1024
提示输入密码
生成CSR(Certificate Signing Request)文件:
# openssl req -new -key aoshiwei.com.key -out aoshiwei.com.csr
填写证书内容,组织机构、域名等,Common Name填写域名
# cp aoshiwei.com.key aoshiwei.com.key.bak
# openssl rsa -in aoshiwei.com.key.bak -out aoshiwei.com.key
# openssl x509 -req -days 365 -in aoshiwei.com.csr -signkey aoshiwei.com.key -out aoshiwei.com.crt
在nginx.conf中添加:
[plain]
view plain
copy
server {
### server port and name ###
listen 443 ssl;
server_name member.aoshiwei.com;
ssl on;
### SSL log files ###
access_log logs/ssl-access.log;
error_log logs/ssl-error.log;
### SSL cert files ###
ssl_certificate ssl/aoshiwei.com.crt;
ssl_certificate_key ssl/aoshiwei.com.key;
### Add SSL specific settings here ###
keepalive_timeout 60;
### Limiting Ciphers ########################
# Uncomment as per your setup
#ssl_ciphers HIGH:!ADH;
#ssl_perfer_server_ciphers on;
#ssl_protocols SSLv3;
##############################################
### We want full access to SSL via backend ###
location / {
proxy_pass http://member.aoshiwei.com;
### force timeouts if one of backend is died ##
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
### Set headers ####
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
### Most PHP, Python, Rails, Java App can use this header ###
proxy_set_header X-Forwarded-Proto https;
### By default we don't want to redirect it ####
proxy_redirect off;
}
}
./configure --with-http_ssl_module
#cd /usr/local/nginx/conf
#mkdir ssl
#cd ssl
生成一个私有key
# openssl genrsa -des3 -out aoshiwei.com.key 1024
提示输入密码
生成CSR(Certificate Signing Request)文件:
# openssl req -new -key aoshiwei.com.key -out aoshiwei.com.csr
填写证书内容,组织机构、域名等,Common Name填写域名
# cp aoshiwei.com.key aoshiwei.com.key.bak
# openssl rsa -in aoshiwei.com.key.bak -out aoshiwei.com.key
# openssl x509 -req -days 365 -in aoshiwei.com.csr -signkey aoshiwei.com.key -out aoshiwei.com.crt
在nginx.conf中添加:
[plain]
view plain
copy
server {
### server port and name ###
listen 443 ssl;
server_name member.aoshiwei.com;
ssl on;
### SSL log files ###
access_log logs/ssl-access.log;
error_log logs/ssl-error.log;
### SSL cert files ###
ssl_certificate ssl/aoshiwei.com.crt;
ssl_certificate_key ssl/aoshiwei.com.key;
### Add SSL specific settings here ###
keepalive_timeout 60;
### Limiting Ciphers ########################
# Uncomment as per your setup
#ssl_ciphers HIGH:!ADH;
#ssl_perfer_server_ciphers on;
#ssl_protocols SSLv3;
##############################################
### We want full access to SSL via backend ###
location / {
proxy_pass http://member.aoshiwei.com;
### force timeouts if one of backend is died ##
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
### Set headers ####
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
### Most PHP, Python, Rails, Java App can use this header ###
proxy_set_header X-Forwarded-Proto https;
### By default we don't want to redirect it ####
proxy_redirect off;
}
}
相关文章推荐
- 为nginx配置https并自签名证书
- nginx配置https
- nginx配置正向代理支持HTTPS
- nginx1.6.2+tomcat8.0.36 配置https
- Windows下Nginx配置SSL实现Https访问(包含证书生成)
- nginx使用ssl模块配置支持HTTPS访问 AND 开启gzip
- 配置nginx https wss
- Nginx配置https访问
- 在ubuntu上安装和配置nginx https站点
- nginx使用ssl模块配置支持HTTPS访问的方法
- nginx配置https
- nginx配置ssl成为简单的HTTPS服务器
- Nginx安装及配置免费HTTPS证书
- Nginx下https配置
- Nginx下配置网站ssl实现https访问
- <转载> nginx服务器安装及配置文件详解 https://segmentfault.com/a/1190000002797601
- https详细nginx配置
- nginx使用ssl模块配置HTTPS支持
- nginx配置HTTPS
- nginx 学习笔记(9) 配置HTTPS服务器--转载