CENTOS6.5 Nginx 安装HTTPS服务

    一、安装SSL服务

    yum -y install openssl openssl-devel

    mkdir /etc/nginx/ssl
    cd /etc/nginx/ssl

    openssl genrsa -des3 -out phpwebhome.key 1024
    openssl rsa -in phpwebhome.key -out phpwebhomenopass.key #拷贝一个不需要输入密码的密钥文件
    openssl req -new -key phpwebhomenopass.key -out phpwebhome.csr #生成一个无密码证书请求
    openssl x509 -req -days 365 -in phpwebhome.csr -signkey phpwebhomenopass.key -out phpwebhome.crt #自己签发无密码证书

    iptables -I INPUT -p tcp --dport 443 -j ACCEPT #开启防火墙443端口
    service iptables save
    service iptables restart

    二、修改Nginx站点配置文件

    server {
    listen 443;
    server_name www.phpwebhome.com;
    ssl on;
    ssl_certificate /etc/nginx/ssl/phpwebhome.crt;
    ssl_certificate_key /etc/nginx/ssl/phpwebhomenopass.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
    root /home/www/html;
    index index.php index.html index.htm;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    root /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    # proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
    root /home/www/html;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PHP_VALUE "open_basedir=$document_root:/tmp/";
    include fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    # deny all;
    #}
    }

    转载请注明:RAIN MAN » CENTOS6.5 Nginx 安装HTTPS服务

    喜欢 0
标签: , , ,

还没有人抢沙发呢~