Self-signed certificates with OpenSSL
1. Install nginx
yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel wget pcre pcre-devel
wget http://nginx.org/download/nginx-1.14.2.tar.gz
tar -zxvf nginx-1.14.2.tar.gz
cd nginx-1.14.2
./configure --with-http_stub_status_module --with-http_ssl_module
make
make install
Check that nginx was built with the SSL module
/usr/local/nginx/sbin/nginx -V
Prepare the private key and certificate
Create the private key:
cd /usr/local/nginx
mkdir -p ssl
cd ssl/
# 2048-bit key: 1024-bit RSA is considered too weak and is rejected at OpenSSL security level 2
openssl genrsa -des3 -out server.key 2048
ll
Create the certificate signing request (CSR):
openssl req -new -key server.key -out server.csr
Remove the passphrase from the private key:
cd /usr/local/nginx/ssl
cp server.key server.key.ori
openssl rsa -in server.key.ori -out server.key
Generate the self-signed certificate from the signing request and the private key:
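An added example, not the original author's commands: the private key, CSR and self-signing steps as one non-interactive shell script, plus checks that server.crt matches server.key, is self-signed and has the expected key size. The 2048-bit key, the 365-day default lifetime and the -subj value are assumptions; the file names and host name follow this page.

```shell
#!/bin/sh
# Added example. Assumptions: 2048-bit RSA, 365-day default lifetime, and a
# subject that contains only the CN. File names follow the steps on this page.

# make_self_signed <dir> <common-name> [days]
# Creates <dir>/server.key, server.csr and server.crt (self-signed).
make_self_signed() {
    dir=$1; cn=$2; days=${3:-365}
    mkdir -p "$dir"
    # Private key without a passphrase, readable by the owner only.
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null )
    # CSR; -subj answers the interactive prompts of "openssl req -new".
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" -out "$dir/server.csr"
    # Signing the CSR with its own key is what makes the result self-signed.
    openssl x509 -req -days "$days" -sha256 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# cert_matches_key <crt> <key>: succeeds if both hold the same public key.
# A mismatch here is what makes "nginx -t" fail with a key mismatch error.
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

# is_self_signed <crt>: succeeds if subject and issuer are identical.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# key_bits <crt>: prints the size of the certificate's public key in bits.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Usage with the paths from this page (overwrites existing files):
#   make_self_signed /usr/local/nginx/ssl www.hack.com
#   cert_matches_key /usr/local/nginx/ssl/server.crt /usr/local/nginx/ssl/server.key
```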
Enable SSL in nginx:
Create the directory for virtual host configuration files:
mkdir -p /usr/local/nginx/conf/conf.d
# Trimmed-down main configuration file
cat >/usr/local/nginx/conf/nginx.conf<<EOF
user nobody;
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    include conf.d/*.conf;
}
EOF
Start nginx:
/usr/local/nginx/sbin/nginx
Create the virtual host configuration file:
cat >/usr/local/nginx/conf/conf.d/hack.conf<<EOF
server {
    listen 443 ssl;
    server_name www.hack.com;
    ssl on;
    ssl_certificate /usr/local/nginx/ssl/server.crt;
    ssl_certificate_key /usr/local/nginx/ssl/server.key;
    location / {
        # Site root directory
        root /usr/local/nginx/html;
        index index.php index.html index.htm;
    }
}
EOF
Reload the configuration:
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload
Add an entry to the Windows hosts file:
10.0.0.43 www.hack.com
Upload hack.html to the /usr/local/nginx/html directory
Redirect HTTP to HTTPS with rewrite:
cat >/usr/local/nginx/conf/conf.d/hack.conf<<\EOF
server {
    listen 80;
    server_name www.hack.com;
    rewrite ^(.*) https://$server_name$1 permanent;
}
server {
    listen 443 ssl;
    server_name www.hack.com;
    ssl on;
    ssl_certificate /usr/local/nginx/ssl/server.crt;
    ssl_certificate_key /usr/local/nginx/ssl/server.key;
    location / {
        # Site root directory
        root /usr/local/nginx/html;
        index index.php index.html index.htm;
    }
}
EOF
Reload the configuration:
/usr/local/nginx/sbin/nginx -t
/usr/local/nginx/sbin/nginx -s reload