nginx配置ssl
- ssl脚本申请
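#!/bin/bash
# Generate a self-signed certificate for nginx under ${src}/ssl.
#
# Output files (same four names as before):
#   server.key             passphrase-protected RSA private key
#   server.csr             certificate signing request
#   server_nopassword.key  unencrypted copy of the key, the one nginx loads
#   server.crt             self-signed certificate, valid 365 days
#
# Passphrase: taken from SSL_KEY_PASSWORD when set, otherwise asked for once.
# It is handed to openssl through the environment (-passin/-passout env:...)
# because openssl reads passphrase prompts from the terminal, not from a
# here-document, and a passphrase on the command line shows up in `ps`.
# No passphrase is stored in the script any more.
set -euo pipefail

# rpm -q fails if either package is missing; the earlier `rpm -qa | grep`
# was satisfied by any package whose name merely contained "openssl".
if ! rpm -q openssl openssl-devel >/dev/null 2>&1; then
  yum install -y openssl openssl-devel
fi

src='/opt/nginx/conf'
key_bits=2048   # 1024-bit RSA is too short for a server key
Country='cn'
Province='cq'
City='cq'
Company='test'
Org='test'
# hostname becomes the certificate CN and has to be the name clients connect
# to (the nginx server_name). This x509 -req call adds no subjectAltName.
hostname='www.jforum.com'
eAddress='xxx.qq.com'

password="${SSL_KEY_PASSWORD:-}"
if [[ -z "${password}" ]]; then
  read -r -s -p 'Passphrase for server.key: ' password || true
  printf '\n' >&2
fi
if [[ -z "${password}" ]]; then
  printf 'error: empty passphrase, nothing generated\n' >&2
  exit 1
fi
export SSL_KEY_PASSWORD="${password}"

# Private keys must not be created group- or world-readable.
umask 077

mkdir -p "${src}/ssl"
cd "${src}/ssl"

openssl genrsa -aes256 -passout env:SSL_KEY_PASSWORD -out server.key "${key_bits}"

# -subj replaces the interactive DN prompts; field order matches the old
# answers. The CSR no longer carries a challenge password attribute, which a
# self-signed certificate does not use.
openssl req -new -sha256 -key server.key -passin env:SSL_KEY_PASSWORD \
  -subj "/C=${Country}/ST=${Province}/L=${City}/O=${Company}/OU=${Org}/CN=${hostname}/emailAddress=${eAddress}" \
  -out server.csr

# nginx cannot prompt for a passphrase at start-up, hence the plain copy.
# It is unencrypted: keep it readable by root only.
openssl rsa -in server.key -passin env:SSL_KEY_PASSWORD -out server_nopassword.key

openssl x509 -req -sha256 -days 365 -in server.csr \
  -signkey server_nopassword.key -out server.crt

unset SSL_KEY_PASSWORD password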
- nginx配置
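# Plain-HTTP listener: its only job is to send every request to HTTPS.
server {
    listen 80;
    server_name test.com;
    index index.html index.htm;
    # return needs no regex match and keeps the original path and query string.
    # $server_name (not the client-supplied Host header) fixes the redirect target.
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name test.com;

    # The two files that matter. The certificate has to be issued for this
    # server_name; the generation script on this page sets CN to www.jforum.com,
    # so clients connecting to test.com see a name mismatch until the two agree.
    ssl_certificate /opt/nginx/conf/ssl/server.crt;
    # Unencrypted private key: keep it readable by root only.
    ssl_certificate_key /opt/nginx/conf/ssl/server_nopassword.key;

    ssl_session_timeout 5m;
    # SSLv2, SSLv3 and TLSv1 are removed: SSLv2/SSLv3 are broken (DROWN, POODLE)
    # and TLSv1 is deprecated. Append TLSv1.3 when nginx is 1.13.0 or newer and
    # built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root /opt/nginx/html;
        index index.html index.htm;
    }
}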