1 Generate your own signature file
cd /usr/local/nginx/conf/
Create server private key
openssl genrsa -des3 -out server.key 1024
enter password
Create a csr certificate to sign the request
openssl req -new -key server.key -out server.csr
and type the mess
Loading Nginx with ssl support and using the private key is to remove the required password
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
Sign the certificate with the above private key and csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Modify the nginx configuration file and use ssl
upstream httpsceshi { #load balancing
server 127.0.0.1:8098;
}
server {
listen 443;
server_name ce.cctv.com;
autoindex is;
root html;
ssl on;
ssl_certificate /usr/local/nginx/conf/server.crt;
ssl_certificate_key /usr/local/nginx/conf/server.key;
location / { #reverse proxy
proxy_pass http://httpsceshi;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server { #这里做的是重定向
listen 80;
server_name ce.cctv.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
这个时候有可能会发现nginx没有安装ssl模块
./configure --with-http_ssl_module
make
make install
加上ssl模块
中途有可能要安装
yum -y install openssl openssl-devel
测试的时候,在自己的hosts文件中加入
192.168.1.223 ce.cctv.com 配置即可