注意 : 一般是在负载均衡服务器上进行的
1.安装nginx
[root@oldboy /]# yum install -y nginx
2准备私钥和证书
2.1创建服务器私钥
[root@oldboy /]# mkdir /keyca && cd /keyca
[root@oldboy keyca]# openssl genrsa -des3 -out server.key 1024
2.2签发证书
[root@oldboy keyca]# openssl req -new -key server.key -out server.csr
2.3删除服务器私钥口令
[root@oldboy keyca]# cp server.key server.key.ori
2.4生成使用签名请求证书和私钥生成自签证书
[root@oldboy keyca]# openssl rsa -in server.key.ori -out server.key
3开启Nginx SSL 配置重定向80端口转443端口
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream backend01{
server 10.0.0.7 weight=1;
}
server {
listen 80;
server_name localhost;
location / {
rewrite ^/(.*) https://www.qstack.com.cn/$1 permanent;
}
}
server {
listen 443;
ssl on;
ssl_certificate /keyca/server.crt;
ssl_certificate_key /keyca/server.key;
server_name www.qstack.com.cn;
location / {
proxy_pass http://backend01;
proxy_set_header Host $host;
}
}
}