LNMP之Https配置

实验环境：
L：Linux（centos 7.6） http://mirrors.cqu.edu.cn/CentOS/7.6.1810/isos/x86_64/
N：Nginx（1.12.2） https://nginx.org/en/download.html
M：MySQL（5.6.48） https://dev.mysql.com/downloads/mysql/5.6.html#downloads
P：PHP（7.2.15） http://php.net/downloads.php
Worldpress（5.0.3）：https://cn.wordpress.org/download/
部署规划：
172.24.77.241(sr1.dj.com)：Nginx php-fpm 运行web服务
172.24.77.242(sr2.dj.com)：运行MySQL数据库
自签名证书-自签名CA证书
#cd /apps/nginx/
#mkdir certs
#cd certs/
#openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SZ
Locality Name (eg, city) [Default City]:SZ
Organization Name (eg, company) [Default Company Ltd]:JAY
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:jay.ca
Email Address []:[email protected]

自制key和csr文件
#openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.silence.net.key -out www.silence.net.csr
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SZ
Locality Name (eg, city) [Default City]:SZ
Organization Name (eg, company) [Default Company Ltd]:JAY
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:jay.ca
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

签发证书
#openssl x509 -req -days 3650 -in www.silence.net.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.silence.net.crt


Nginx证书配置
#vim /apps/nginx/conf/nginx.conf
listen 443 ssl;
ssl_certificate /apps/nginx/certs/www.silence.net.crt;
ssl_certificate_key /apps/nginx/certs/www.silence.net.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;

重启Nginx
#killall nginx
#/apps/nginx/sbin/nginx

测试访问https
https://www.silence.net/