##创建证书存放目录:
mkdir /usr/local/nginx/ca
cd /usr/local/nginx/ca
##生成密钥文件key和csr文件:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
##生成服务器认证文件crt:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
mkdir /usr/local/nginx/ca
cd /usr/local/nginx/ca
##生成密钥文件key和csr文件:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
##生成服务器认证文件crt:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
server {
listen 443 ssl;
server_name localhost;
#ssl_certificate cert.pem;
#ssl_certificate_key cert.key;
ssl on;
ssl_certificate /usr/local/nginx/ca/server.crt;
ssl_certificate_key /usr/local/nginx/ca/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
access_log logs/443.access.log main;
location / {
root html;
index index.html index.htm;
rewrite ^(.*) http://www.bbb.com$1 permanent;
}
}
listen 443 ssl;
server_name localhost;
#ssl_certificate cert.pem;
#ssl_certificate_key cert.key;
ssl on;
ssl_certificate /usr/local/nginx/ca/server.crt;
ssl_certificate_key /usr/local/nginx/ca/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
access_log logs/443.access.log main;
location / {
root html;
index index.html index.htm;
rewrite ^(.*) http://www.bbb.com$1 permanent;
}
}