NGINX重启HTTPS站点要Enter PEM pass phrase输入密码

openssl rsa -in server.key -out server.key.unsecure  

server.key.unsecure替换原来的KEY



nginx https/ssl 配置:

server
        {
        listen 443 ssl spdy;

        ssl on;
        ssl_certificate /www/1_xxxx_bundle.crt;
        ssl_certificate_key /www/xx.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
        ssl_session_cache builtin:1000 shared:SSL:10m;


                #error_page   404   /404.html;
        include enable-php.conf;
        server_name www.tongxinmao.com;
        index portal.php index.php default.html default.htm default.php;
        root  /www


        include dz.conf;
        #error_page   404   /404.html;
        location ~ [^/]\.php(/|$)
        {
            # comment try_files $uri =404; to enable pathinfo
            try_files $uri =404;
            fastcgi_pass  unix:/tmp/php-cgi.sock;
            fastcgi_index index.php;
            include fastcgi.conf;
            #include pathinfo.conf;
        }


        location /nginx_status
        {
            stub_status on;
            access_log   off;
        }


        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }


        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }


        access_log  /home/wwwlogs/lnmp.log  access;
}


另外还可以加入如下代码实现80端口重定向到443

  1. server {
  2. listen 80;
  3. server_name xxx.com;
  4. rewrite ^(.*) https://$server_name$1 permanent;
  5. }


你可能感兴趣的:(HTTPS)