nginx 支持https访问

1，先确认nginx安装时已编译http_ssl模块。

　　就是执行nginx -V命令查看是否存在--with-http_ssl_module。如果没有，则需要重新编译nginx将该模块加入。yum安装的一般都编译进去了。源码编译二进制包安装的可能需要重新编译，然后make，但是不需要make install。

2，查看是否已经安装SSL。openssl version -a

3，生成SSL证书

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

#在nginx目录下创建ssl文件夹 cd /etc/pki mkdir nginx cd nginx #生成2048位的加密私钥 openssl genrsa -out server.key 2048 生成证书签名请求（CSR），这里需要填写许多信息 openssl req -new -key server.key -out server.csr 输出内容为： Enter pass phrase for root.key: ← 输入前面创建的密码 Country Name (2 letter code) [AU]:CN ← 国家代号，中国输入CN State or Province Name (full name) [Some-State]:BeiJing ← 省的全名，拼音 Locality Name (eg, city) []:BeiJing ← 市的全名，拼音 Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany Corp. ← 公司英文名 Organizational Unit Name (eg, section) []: ← 可以不输入 Common Name (eg, YOUR name) []: ← 服务器主机名，若填写不正确，浏览器会报告证书无效，但并 Email Address []:admin@mycompany.com ← 电子邮箱，可随意填 Please enter the following ‘extra’ attributes to be sent with your certificate request A challenge password []: ← 可以不输入 An optional company name []: ← 可以不输入生成类型为X509的自签名证书。   #有效期设置3650天，即有效期为10年 openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

4、修改Nginx配置文件

+ View Code?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83

# For more information on configuration, see: #   * Official English Documentation: http://nginx.org/en/docs/ #   * Official Russian Documentation: http://nginx.org/ru/docs/   user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid;   # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf;   events {     worker_connections 1024; }   http {     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '                       '$status $body_bytes_sent "$http_referer" '                       '"$http_user_agent" "$http_x_forwarded_for"';       access_log  /var/log/nginx/access.log  main;       sendfile            on;     tcp_nopush          on;     tcp_nodelay         on;     keepalive_timeout   65;     types_hash_max_size 4096;       include             /etc/nginx/mime.types;     default_type        application/octet-stream;       # Load modular configuration files from the /etc/nginx/conf.d directory.     # See http://nginx.org/en/docs/ngx_core_module.html#include     # for more information.     include /etc/nginx/conf.d/*.conf;       server {         listen       80;         listen       [::]:80;         server_name  _;　　　　　#原目录名是html，是文件数据目录，修改为http，可以和https的数据目录做区分，也可以设置成一样的。　         root         /usr/share/nginx/http;           # Load configuration files for the default server block.         include /etc/nginx/default.d/*.conf;           error_page 404 /404.html;         location = /404.html {         }           error_page 500 502 503 504 /50x.html;         location = /50x.html {         }     }   # Settings for a TLS enabled server. #     server {         listen       443 ssl http2;         listen       [::]:443 ssl http2;         server_name  _;         root         /usr/share/nginx/https;           ssl_certificate "/etc/pki/nginx/server.crt";         ssl_certificate_key "/etc/pki/nginx/server.key";         ssl_session_cache shared:SSL:1m;         ssl_session_timeout  10m;         ssl_ciphers HIGH:!aNULL:!MD5;         ssl_prefer_server_ciphers on;           # Load configuration files for the default server block.         include /etc/nginx/default.d/*.conf;           error_page 404 /404.html;             location = /40x.html {         }           error_page 500 502 503 504 /50x.html;             location = /50x.html {         }     }   }

 

详细可参考以下博客：　　

https://www.cnblogs.com/bcodepod/p/15325522.html

https://cloud.tencent.com/developer/article/1151073