nginx搭建https服务器

http默然端口：80
https默然端口：443

   301 redirect: 301 代表永久性转移(Permanently Moved)
   302 redirect: 302 代表暂时性转移(Temporarily Moved )

ubuntu 写shell用 #!/bin/bash
centos 写shell用 #!/bin/sh

1、首先要有nginx
2、生成证书

#1.创建服务器证书密钥文件 server.key：
openssl genrsa -des3 -out server.key 1024

#2.创建服务器证书的申请文件 server.csr
openssl req -new -key server.key -out server.csr

#3.备份一份服务器密钥文件
mv server.key server.origin.key

#4.去除文件口令
openssl rsa -in server.origin.key -out server.key

#5.生成证书文件server.crt
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

echo "Copy server.crt to /etc/nginx/ssl/server.crt"
echo "Copy server.key to /etc/nginx/ssl/server.key"
echo "Add configuration in nginx:"
echo "server {"
echo "    ..."
echo "    listen 443 ssl;"
echo "    ssl_certificate     /etc/nginx/ssl/server.crt;"
echo "    ssl_certificate_key /etc/nginx/ssl/server.key;"
echo "}"

3、可参考：http://www.cnblogs.com/jingxiaoniu/p/6745254.html
4、生成完证书后，且拷贝到相应目录下后，配置nginx下的配置文件即可

upstream webservice{
    ip_hash;
    server 127.0.0.1:80001;
    server xx.xx.xx.xx:80001;
#这里设置负载均衡
}
upstream fish{
    ip_hash;
    server 127.0.0.1:80002;
}

server {
    listen 80 default_server;
    #rewrite https://www.baidu.com/$request_uri permanent;
    return 301 https://xxx$request_uri;
}

server {

    listen 443 ssl;
    ssl_certificate     /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    
    root /xx/xx;

    index index.php index.html index.htm;

    server_name localhost;

    location / {
        root /xx/xx/server/Web;
        index index.html;
    }
    location /admin {
        alias /xx/xx/server/admin/app/;
        index index.html;
    }
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

   location ~* /abc/w/(webservice|fish) {
        proxy_pass https://$1;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Host $host;
        #proxy_ssl on;
        proxy_ssl_certificate /etc/nginx/ssl/server.crt;
        proxy_ssl_certificate_key /etc/nginx/ssl/server.key;
        #proxy_ssl_verify on;
        proxy_ssl_session_reuse on;
   }
}

5、重启nginx即可