Nginx配置https服務
檢查nginx是否支持配置:/usr/sbin/nginx -V
證書生成
1、免費證書可使用阿里云申請獲取
2、本地生成證書配置
本地證書生成
- 安裝openssl工具
ubuntu: sudo apt-get install libssl-dev centos: yum install openssl yum install openssl-devel
- 生成證書
1進入證書目錄
cd /etc/nginx/sslkey
2創建本地私有密鑰
openssl genrsa -out ssl.key 2048
3按提示輸入即可
openssl req -new -key ssl.key -out ssl.csr
4創建證書crt
openssl x509 -req -days 1460 -in ssl.csr -signkey ssl.key -out ssl.crt
5創建證書pem
openssl dhparam -out ssl.pem 2048
Nginx組態檔
server { listen 80; return 301 https://$host$request_uri; } server { listen 443; ssl_certificate /application/nginx/conf/cert/ssl.crt; ssl_certificate_key /application/nginx/conf/cert/ssl.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; }
- 檢查組態檔
/usr/sbin/nginx -t
- 加載組態檔
/usr/sbin/nginx -s reload
轉載請註明出處,本文鏈接:https://www.uj5u.com/caozuo/172503.html
標籤:其他
上一篇:Kubernetes K8S之存盤ConfigMap詳解
下一篇:Linux系統安裝Tomcat9