基于openssl来生成ssl证书,及nginx如何配置ssl用https访问网站。
首页 /  linux开发 / ubuntu(linux)下nginx配置ssl(https)

0 222

ubuntu(linux)下nginx配置ssl(https)

基于openssl来生成ssl证书,及nginx如何配置ssl用https访问网站。

ubuntu(linux)下nginx配置ssl(https)_图一

主要命令步骤

cd /usr/local/nginx/conf/   //(注:这是我的nginx配置路径,你找你自己的进去)
sudo mkdir ssl //(注:用于存放证书的目录)
cd ssl
sudo openssl genrsa -des3 -out server.key 1024  //创建服务器私钥1024也可用2048 这个是指密钥长度 2048相对更安全点但是服务器计算量也就多了点
sudo openssl req -new -key server.key -out server.csr //创建签名请求的证书(CSR)
sudo openssl rsa -in server.key -out server_nopwd.key  //在加载SSL支持的Nginx并使用上述私钥时除去必须的口令就是生成一个不需要密码的key(一般web用这个如果是双像验证像银行的网银之类的需要带密码的)
sudo openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt //标记证书使用上述私钥和CSR及有效期

//主要那几个命令证书就生成完成了,下面讲下生成证书时需要你填写的密码及基本信息项

具体步骤 1

zhangyang@ubuntu:/usr/local/nginx/conf/ssl$ sudo openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
..........................................................................................+++
...................................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:←输入一个密码

具体步骤 2

zhangyang@ubuntu:/usr/local/nginx/conf/ssl$ sudo openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN ←输入国家代码  
State or Province Name (full name) [Some-State]:JIANG SU ← 输入省名 
Locality Name (eg, city) []:NAN JING ←输入城市名
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Datatech ← 输入公司名
Organizational Unit Name (eg, section) []:R&D ← 输入组织单位名
Common Name (e.g. server FQDN or YOUR name) []:www.phpmyadmin.com ← 输入主机名
Email Address []:542736039@qq.com ←输入电子邮箱地址 

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ← 回车
An optional company name []: ← 回车

nginx配置

server {
        listen       127.0.0.1:443;
        server_name  dbadmin.erlyun..com;

        ssl on;
	ssl_certificate ssl/server.crt;
        ssl_certificate_key ssl/server_nopwd.key;

        access_log  /var/log/nginx/adadmin.access.log;

        location / {
            root   /var/www/dbadmin;
            index  index.html index.htm index.php;
        }

        location ~ .php$ {
           fastcgi_pass   127.0.0.1:9000;
           #fastcgi_pass   unix:/tmp/php-fpm_dbhhx.sock;
           #fastcgi_pass   php_servers;
           fastcgi_index  index.php;
           error_page  404  /404.html;
           fastcgi_param  SCRIPT_FILENAME  /var/www/dbadmin$fastcgi_script_name;
          include /usr/local/nginx/conf/fastcgi_params;
     }
}

server{
      listen 127.0.0.1:80;
      server_name dbadmin.erlyun.com;
      rewrite ^(.*) https://dbadmin.erlyun.com$1 permanent;
}

[来源] http://yuanmouren.erlyun.com/p.php?id=44

[声明] 本站资源来自用户分享,如损害你的权益请联系客服QQ:120074275给予处理。

容若 2018-01-19 13:25
10
送花
20积分一朵