First, build nginx with support for HTTPS access
When compiling and installing nginx from source, add the modules --with-http_ssl_module and --with-http_gzip_static_module (to view the parameters nginx was compiled with, run /usr/local/nginx/sbin/nginx -V)
(Not required when nginx is installed with yum)
Second, open the default HTTPS port 443 in the firewall
1. Edit the iptables configuration file and add the rule below:
vi /etc/sysconfig/iptables # edit the firewall configuration file, add the following line:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
:wq! # save and exit
service iptables restart # restart the firewall
2. Or add the firewall rule with firewall-cmd:
firewall-cmd --add-port=443/tcp
firewall-cmd --add-port=443/tcp --permanent
Third, create an HTTPS certificate
Make sure openssl and openssl-devel are installed on the machine
yum install openssl openssl-devel # on CentOS, install with yum
mkdir /etc/nginx/ssl # create a directory to store the certificate
cd /etc/nginx/ssl # enter the directory

Create the server private key:
openssl genrsa -des3 -out server.key 2048 # 2048-bit RSA key; when prompted, enter the key passphrase (ryz123)

Create a certificate signing request (CSR):
openssl req -new -key server.key -out server.csr # enter the passphrase set above (ryz123)
# When prompted, enter the appropriate information
Country Name (2 letter code) [XX]: cn # country
State or Province Name (full name) []:shanxi # province
Locality Name (eg, city) [Default City]:taiyuan # city
Organization Name (eg, company) [Default Company Ltd]:3344 # company
Organizational Unit Name (eg, section) []:yunwei # department
Common Name (eg, your name or your server's hostname) []:3344 # host name
Email Address []:[email protected] # e-mail
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:123456 # certificate request password, needed when the CA reads the certificate
An optional company name []:3344 # company name, needed when the CA reads the certificate

Remove the passphrase from the key and sign the certificate:
openssl rsa -in server.key -out server_nopassword.key # decrypt the key
openssl x509 -req -days 365 -in server.csr -signkey server_nopassword.key -out server.crt # sign the certificate using the private key (ryz123) and the CSR

[root@s2 ssl]# ls
server.crt server.csr server.key server_nopassword.key
[root@s2 ssl]# pwd
/etc/nginx/ssl
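Checks worth running on the files from step three before nginx loads them, as an added example that is not part of the original page: the key must match the certificate, the public key should be at least 2048 bits, and the unencrypted key must not be accessible to group or other. The function names and the constructed sample pair are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Usage: sh SCRIPT KEY CERT   (no arguments: runs on a constructed sample)

# make_pair DIR BITS: constructed sample input, a throwaway self-signed pair
# named like the files created in step three.
make_pair() {
    ( umask 077
      openssl genrsa -out "$1/server_nopassword.key" "$2" 2>/dev/null
      openssl req -new -x509 -days 365 -subj "/CN=www.3344.com" \
          -key "$1/server_nopassword.key" -out "$1/server.crt" )
}

# cert_bits CERT: size in bits of the certificate's public key.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'
}

# key_matches_cert KEY CERT: true only if both hold the same public key.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# audit_pair KEY CERT: print findings; exit status is the number of problems.
audit_pair() {
    problems=0
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: key does not match certificate"; problems=$((problems + 1)); }
    bits=$(cert_bits "$2")
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "FAIL: public key is ${bits:-unknown} bits, below 2048"; problems=$((problems + 1)); }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: private key is accessible to group or other"; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ] && echo "OK: $2"
    return "$problems"
}

if [ "$#" -eq 2 ]; then
    audit_pair "$1" "$2"
else
    # No arguments: demonstrate on a constructed 1024-bit pair.
    tmp=$(mktemp -d) && make_pair "$tmp" 1024
    audit_pair "$tmp/server_nopassword.key" "$tmp/server.crt" || true
    rm -rf "$tmp"
fi
```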
Fourth, modify the nginx configuration file to enable HTTPS for the website
server {
    listen 80;
    server_name www.3344.com;
    location / {
        rewrite ^(.*)$ https://$host$1 permanent; # redirect the http protocol to https
    }
}
server {
    listen 443 ssl;
    server_name www.3344.com;
    ssl_certificate "/etc/nginx/ssl/server.crt";
    ssl_certificate_key "/etc/nginx/ssl/server_nopassword.key";
    fastcgi_param HTTPS $https if_not_empty; # set automatically when the protocol is https, otherwise this parameter is ignored
    root /var/www/html;
}
This completes the nginx configuration for HTTPS access on Linux.