nginx配置https自建证书
最近需要给内部服务添加https支持,首先考虑使用自建的证书来实现https的配置
生成自建证书
# 创建文件夹存放证书文件
mkdir /etc/nginx/ssl
# 创建key和crt文件
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
# 执行上面命令会提示输入以下内容
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:beijing
Locality Name (eg, city) []:beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]: test
Organizational Unit Name (eg, section) []: devops
Common Name (e.g. server FQDN or YOUR name) []:www.example.com
Email Address []:xxx@xxx.com
证书创建输入内容讲解
Country Name (2 letter code) [AU]: 国家,这里CN代表中国
State or Province Name (full name) [Some-State]:省份
Locality Name (eg, city) []:城市
Organization Name (eg, company) [Internet Widgits Pty Ltd]: 组织名
Organizational Unit Name (eg, section) []: 部门名
Common Name (e.g. server FQDN or YOUR name) []:需要配置https的网址
Email Address []:邮箱
配置示例
将配置文件保存在 /etc/nginx/conf.d/www.example.com.conf下
server {
listen 443;
server_name www.example.com;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
return 404;
}
}
重启nginx
nginx -t
nginx -s reload
参考:
网友评论