Mac环境下nginx https配置

假设生成证书的目录为 /data/crt，生成操作完成后，/data/crt/下将会生成以下文件：

private.key
server.crt
server.csr
server.key

1、生成私钥

> openssl genrsa -des3 -out private.key 2048 

2、生成证书请求

> openssl req -new -key private.key -out server.csr 

3、生成服务器的私钥，去除密钥口令

> openssl rsa -in private.key -out server.key

4、使用私钥为证书请求签名，生成给服务器签署的证书，格式是x509的PEM格式

> sudo openssl x509 -req -in server.csr -out server.crt -signkey server.key -days 3650

5、nginx配置

server {
    listen 80;  # http端口监听
    listen 443; # https端口监听

    server_name www.test.com;
    index index.html index.htm index.php;

    # ssl配置
    ssl on;
    ssl_certificate /data/crt/server.crt;
    ssl_certificate_key /data/crt/server.key;

    location / {
        rewrite . /index.php last;
    }

    location = /index.php {
        include fastcgi_params;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME /data/www/blog/index.php;
        fastcgi_param SCRIPT_NAME /data/www/blog/index.php;
    }
}