nginx添加ssl证书认证

让nginx支持ssl证书认证首先安装上openssl,然后执行以下命令:

openssl genrsa -out sim.key 1024
openssl req -new -key sim.key -out sim.csr
openssl x509 -req -days 365 -in sim.csr -signkey sim.key -out mall.crt

 

这样就已经生成完密钥和证书,然后再nginx相应的server配置中加入:

ssl on;
ssl_certificate ssl_key/sim.crt;
ssl_certificate_key ssl_key/sim.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;

 

配置完之后重启nginx即可.如果需要把http直接跳转到https的话需要在配置文件中加入:

if ($server_port ~ "^80$")
{
    set $rule_0 1$rule_0; 
}
if ($rule_0 = "1")
{
    rewrite /(.*) https://yourdomain.com/$1permanent; 
    break; 
}

 


你可能感兴趣的:(nginx)