主机参考:VPS测评参考推荐/专注分享VPS服务器优惠信息!若您是商家可以在本站进行投稿,查看详情!此外我们还提供软文收录、PayPal代付、广告赞助等服务,查看详情! |
我们发布的部分优惠活动文章可能存在时效性,购买时建议在本站搜索商家名称可查看相关文章充分了解该商家!若非中文页面可使用Edge浏览器同步翻译!PayPal代付/收录合作 |
HTTPS的主要功能可以分为两种:一种是建立信息安全通道,保证数据传输的安全;另一个是确认网站的真实性。可以根据自己的需求选择购买SSL证书。接下来SSL证书申请指南分享Nginx关于搭建https服务器的教程。
1.创建SSL证书
1.1私钥的产生,OpenSSL gen RSA-des 3-out xn2.lqb.com.key 2048。该命令将生成一个2048位RSA私钥。使用DES3算法,私钥文件名可以任意命名。只需在Nginx配置中指定文件路径,系统会提示设置私钥密码。请设置密码并牢记在心。
[root @ Monitorssl]# OpenSSL genrsa-des 3-outx N2 . lqb . com 2048 generating rsaprivatekey,2048bitlongmodulus & # 8230…………………………。+++ ………………………………………………。+++EIS 65537(0x 010001)enterpassphraseforxn 2 . lqb . com:验证-Enterpassphraseforxn2.lqb.com:
1.2上面产生的密钥有密码。如果密码被删除,执行以下命令OpenSSL RSA-in xn2.lqb.com-outxn2.lqb.com _ no pwd . key
[root @ monitor SSL]# ls xn2.lqb.com[root @ monitor SSL]# opensslrsa-in xn 2 . lqb . com-outx N2 . lqb . com _ no pwd . key enterpassphraseforxn 2 . lqb . com:writing RSA key
1.3从生成的私钥生成证书请求文件CSR。OpenSSL RSA-in xn2.lqb.com-out xn2 . lqb . com _ no pwd . key
[root @ Monitorssl]# opensslrsa-in xn 2 . lqb . com-outx N2 . lqb . com _ no pwd . key enterpassphraseforxn 2 . lqb . com:writing rsakey[root @ Monitorssl]# opensslreq-new-keyxn2.lqb.com-outxn2.lqb.com.csr enterpassphraseforxn 2 . lqb . com:youreabouttobetoaskedtoenterinformations将被纳入您的rtificaterequest。whateyoureaboutto interriswhatiscalleddistinguishednameoradn。如果输入& # 8217;则需要几个fieldsbutyoucanleavesomebank for somefieldsherewillbeadefaultvalue。。’,thefieldwillbeleftblank。—–country name(2 letter code)[AU]:CN State or province name(full name)[Some-State]:上海LocalityName(如,city)[]:上海OrganizationName(如,company)[internetwidgistptyltd]:xn2 . lqb . com organization alunitname(如,section)[]:IT CommonName(如,serverfqdnoryourname)[]:xn2 . lqb . com EmailAddress[]:2223344@qq.com Pleaseenterthefollowing & # 8217;extra & # 8217attributes tosentwithyourcertificaterequest Achallengepassword[]:anoptioncompanyname[]:[root @ Monitorssl]# ls xn2 . lqb . com xn2 . lqb . com . csrxn2 . lqb . com _ no pwd . key
1.4.证书请求文件CSR文件必须由CA签名才能形成证书。你可以把这个CSR发到StartSSL(免费)、verisign(一大笔钱)等地方让他验证。也可以自己做CA,自己发证书。创建自签名CA证书。OpenSSL req-new-x509-days 3650-key xn2.lqb.com-out xn2.lqb.com.crt
[root @ Monitorssl]# opensslreq-new-x509-days 3650-keyxn 2 . lqb . com-out xn 2 . lqb . com . CRT xn 2 . lqb . com . csrxn 2 . lqb . com _ no pwd . key[root @ Monitorssl]# opensslreq-new-x509-days 3650-keyxn 2 . lqb . com _ no pwd . key-out xn 2 . lqb . com . CRTwhateyoureaboutto interriswhatiscalleddistinguishednameoradn。如果输入& # 8217;则需要几个fieldsbutyoucanleavesomebank for somefieldsherewillbeadefaultvalue。。’,thefieldwillbeleftblank。—–country name(2 letter code)[AU]:CN State or province name(full name)[Some-State]:上海LocalityName(如,city)[]:上海OrganizationName(如,company)[internetwidgistptyltd]:lqb . com OrganizationalUnitName(如,section)[]:IT CommonName(如,serverfqdnoryourname)[]:xn2 . lqb . com email address[]:[root @ Monitorssl]# ls xn2 . lqb . com xn 2 . lqb . com . crqb . com
2.配置nginx虚拟主机文件
[root@Monitorssl]#vim../server . conf server { listen 80;server _ name xn 2 . lqb . com;root/html/xn2;#rewrite^/(.*)$ https:xn3 . lqb . com/$ 1 permanent;地点/{ indexindex.html;# proxy _ cachemycache# proxy _ cache _ valid2003h# proxy _ cache _ valid30130210m# proxy _ cache _ validall1m# proxy _ cache _ use _ staleerrortimeouthttp _ 500 http _ 502 http _ 503;# # proxy _ pass http://192 . 168 . 180 . 9;# proxy _ set _ headerHost $ host# proxy _ set _ headerX-Real-IP $ remote _ addr;}地点/图片/{ indexindex.html;} }服务器{ listen *:443;server _ name xn 2 . lqb . com;sslon# # # bit虚拟主机开放ssl支持SSL _ certificate/usr/local/nginx/conf/server/SSL/xn2 . lqb . com . CRT;# # #为虚拟主机指定签名证书文件SSL _ certificate _ key/usr/local/nginx/conf/server/SSL/xn2 . lqb . com _ no pwd . key;# # #指定虚拟主机的私钥文件# # ssl _ session _ timeout5m# # # #客户端可以重用缓存中存储的会话参数time root/html/xn3;位置/图片/{ indexindex.html;} location/{ proxy _ pass http://192 . 168 . 180 . 23;proxy _ set _ headerHost $ hostproxy _ set _ headerX-Real-IP $ remote _ addr;} }
这几篇文章你可能也喜欢:
本文由主机参考刊发,转载请注明:Nginx构建https服务器的教程 https://zhujicankao.com/86280.html
评论前必须登录!
注册