nginx配置ssl

  • ssl脚本申请

#!/bin/bash if ! rpm -qa | grep -q "openssl\|openssl-devel" then yum install -y openssl openssl-devel fi src='/opt/nginx/conf' password='123456' Country='cn' Province='cq' City='cq' Company='test' Org='test' hostname='www.jforum.com' eAddress='xxx.qq.com' mkdir -p ${src}/ssl cd ${src}/ssl openssl genrsa -des3 -out server.key 1024 << EOF ${password} ${password} EOF openssl req -new -key server.key -out server.csr << EOF ${password} ${Country} ${Province} ${City} ${Company} ${Org} ${hostname} ${eAddress} ${password} ${Company} EOF openssl rsa -in server.key -out server_nopassword.key << EOF ${password} EOF openssl x509 -req -days 365 -in server.csr -signkey server_nopassword.key -out server.crt

#生成这4个文件 :server.crt  server.csr  server.key  server_nopassword.key
#脚本:需要手动输入4次密码。都是一样的

 

  • nginx配置
server {
        listen 80;
        server_name  test.com;
        index        index.html index.htm;
        rewrite ^/(.*)$ https://$server_name/$1 permanent;
}
server {
    listen       443 ssl;
    server_name  test.com;
    ssl_certificate      /opt/nginx/conf/ssl/server.crt; #主要是这两个文件
    ssl_certificate_key  /opt/nginx/conf/ssl/server_nopassword.key; #主要是这两个文件
    ssl_session_timeout  5m;
    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    location / {
        root /opt/nginx/html;
        index index.html index.htm;
    }
}

 

posted @ 2018-03-01 12:03  xgmxm  阅读(269)  评论(0编辑  收藏  举报