Nginx的https证书配置
文章目录
下载nginx
wget http://nginx.org/download/nginx-1.19.6.tar.gz
解压nginx
tar -zxvf nginx-1.19.6.tar.gz
安装OpenSSL模块
yum -y install openssl openssl-devel
编译和安装nginx
cd nginx-1.19.6
./configure --with-http_ssl_module
make
# 如果以前安装过nginx 不需要执行make install,将objs/nginx替换到/usr/local/nginx/sbin/nginx
make install
测试nginx是否安装正确
/usr/local/nginx/sbin/nginx -t
https证书申请
略
配置https证书
cd /usr/local/nginx/conf/
vim nginx.conf
# 添加
server {
listen 443 ssl;
server_name xxx.xxx.com;#这里是证书对应的域名哦
ssl_certificate xxxxx.cer; #这里是证书路径,后缀是pem也可以,文件内容是-----BEGIN CERTIFICATE----- xxxx-----END CERTIFICATE-----
ssl_certificate_key xxxxx.key;#这里是证书key路径
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# 接下来是配置location等等信息 略了
}
启动nginx
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
浏览器访问
打开浏览器输入:https://xxx.xxx.com
如下图,看到证书(有效) 代表ok了