Nginx构建https服务器的教程

HTTPS的主要功能可以分为两种:一种是建立信息安全通道，保证数据传输的安全；另一个是确认网站的真实性。可以根据自己的需求选择购买SSL证书。接下来SSL证书申请指南分享Nginx关于搭建https服务器的教程。

1.创建SSL证书

1.1私钥的产生，OpenSSL gen RSA-des 3-out xn2.lqb.com.key 2048。该命令将生成一个2048位RSA私钥。使用DES3算法，私钥文件名可以任意命名。只需在Nginx配置中指定文件路径，系统会提示设置私钥密码。请设置密码并牢记在心。

[root @ Monitorssl]# OpenSSL genrsa-des 3-outx N2 . lqb . com 2048 generating rsaprivatekey，2048bitlongmodulus & # 8230…………………………。+++ ………………………………………………。+++EIS 65537(0x 010001)enterpassphraseforxn 2 . lqb . com:验证-Enterpassphraseforxn2.lqb.com:

1.2上面产生的密钥有密码。如果密码被删除，执行以下命令OpenSSL RSA-in xn2.lqb.com-outxn2.lqb.com _ no pwd . key

[root @ monitor SSL]# ls xn2.lqb.com[root @ monitor SSL]# opensslrsa-in xn 2 . lqb . com-outx N2 . lqb . com _ no pwd . key enterpassphraseforxn 2 . lqb . com:writing RSA key

1.3从生成的私钥生成证书请求文件CSR。OpenSSL RSA-in xn2.lqb.com-out xn2 . lqb . com _ no pwd . key

[root @ Monitorssl]# opensslrsa-in xn 2 . lqb . com-outx N2 . lqb . com _ no pwd . key enterpassphraseforxn 2 . lqb . com:writing rsakey[root @ Monitorssl]# opensslreq-new-keyxn2.lqb.com-outxn2.lqb.com.csr enterpassphraseforxn 2 . lqb . com:youreabouttobetoaskedtoenterinformations将被纳入您的rtificaterequest。whateyoureaboutto interriswhatiscalleddistinguishednameoradn。如果输入& # 8217；则需要几个fieldsbutyoucanleavesomebank for somefieldsherewillbeadefaultvalue。。’，thefieldwillbeleftblank。—–country name(2 letter code)[AU]:CN State or province name(full name)[Some-State]:上海LocalityName(如，city)[]:上海OrganizationName(如，company)[internetwidgistptyltd]:xn2 . lqb . com organization alunitname(如，section)[]:IT CommonName(如，serverfqdnoryourname)[]:xn2 . lqb . com EmailAddress[]:2223344@qq.com Pleaseenterthefollowing & # 8217；extra & # 8217attributes tosentwithyourcertificaterequest Achallengepassword[]:anoptioncompanyname[]:[root @ Monitorssl]# ls xn2 . lqb . com xn2 . lqb . com . csrxn2 . lqb . com _ no pwd . key

1.4.证书请求文件CSR文件必须由CA签名才能形成证书。你可以把这个CSR发到StartSSL(免费)、verisign(一大笔钱)等地方让他验证。也可以自己做CA，自己发证书。创建自签名CA证书。OpenSSL req-new-x509-days 3650-key xn2.lqb.com-out xn2.lqb.com.crt

[root @ Monitorssl]# opensslreq-new-x509-days 3650-keyxn 2 . lqb . com-out xn 2 . lqb . com . CRT xn 2 . lqb . com . csrxn 2 . lqb . com _ no pwd . key[root @ Monitorssl]# opensslreq-new-x509-days 3650-keyxn 2 . lqb . com _ no pwd . key-out xn 2 . lqb . com . CRTwhateyoureaboutto interriswhatiscalleddistinguishednameoradn。如果输入& # 8217；则需要几个fieldsbutyoucanleavesomebank for somefieldsherewillbeadefaultvalue。。’，thefieldwillbeleftblank。—–country name(2 letter code)[AU]:CN State or province name(full name)[Some-State]:上海LocalityName(如，city)[]:上海OrganizationName(如，company)[internetwidgistptyltd]:lqb . com OrganizationalUnitName(如，section)[]:IT CommonName(如，serverfqdnoryourname)[]:xn2 . lqb . com email address[]:[root @ Monitorssl]# ls xn2 . lqb . com xn 2 . lqb . com . crqb . com

2.配置nginx虚拟主机文件

[root@Monitorssl]#vim../server . conf server { listen 80；server _ name xn 2 . lqb . com；root/html/xn2；#rewrite^/(.*)$ https:xn3 . lqb . com/$ 1 permanent；地点/{ indexindex.html；# proxy _ cachemycache# proxy _ cache _ valid2003h# proxy _ cache _ valid30130210m# proxy _ cache _ validall1m# proxy _ cache _ use _ staleerrortimeouthttp _ 500 http _ 502 http _ 503；# # proxy _ pass http://192 . 168 . 180 . 9；# proxy _ set _ headerHost $ host# proxy _ set _ headerX-Real-IP $ remote _ addr；}地点/图片/{ indexindex.html；} }服务器{ listen *:443；server _ name xn 2 . lqb . com；sslon# # # bit虚拟主机开放ssl支持SSL _ certificate/usr/local/nginx/conf/server/SSL/xn2 . lqb . com . CRT；# # #为虚拟主机指定签名证书文件SSL _ certificate _ key/usr/local/nginx/conf/server/SSL/xn2 . lqb . com _ no pwd . key；# # #指定虚拟主机的私钥文件# # ssl _ session _ timeout5m# # # #客户端可以重用缓存中存储的会话参数time root/html/xn3；位置/图片/{ indexindex.html；} location/{ proxy _ pass http://192 . 168 . 180 . 23；proxy _ set _ headerHost $ hostproxy _ set _ headerX-Real-IP $ remote _ addr；} }

这几篇文章你可能也喜欢：

• Nginx安装ssl证书实践教程（Nginx部署SSL证书）
• iis7下安装多域SSL证书图解教程（iis绑定二级域名）
• 在cPanel主机上安装ssl证书的教程（在本地计算机上安装SSL证书）
• ssl证书ip申请教程方法（免费SSL证书IP地址申请）
• SSL证书申请教程:如何验证域名所有权（验证域名所有权的方法）

本文由主机参考刊发，转载请注明：Nginx构建https服务器的教程 https://zhujicankao.com/86280.html