一、Nginx-HTTPS
#安装nginx时,需要将 --with-http_ssl_module模块开启
1.首先生成密钥和证书文件
#创建证书存放目录
mkdir /usr/local/nginx/conf/ssl/
#在刚才创建的目录中建立服务器私钥,RSA密钥
openssl genrsa -out ccku.key 1024
#生成csr文件;依次输入国家、地区、组织等
openssl req -new -key ccku.key -out ccku.csr
#生成签字证书
openssl x509 -req -days 365 -sha256 -in ccku.csr -signkey ccku.key -out ccku.crt
2.在对应要加密的server标签中添加:
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/ccku.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/ccku.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
二、设置http自动跳转https功能
1.将原有的server标签改为443端口
server {
listen 443;
server_name blog.ccku.cn;
……
}
2.新增server标签(虚拟主机+rewrite)
server {
listen 80;
server_name blog.ccku.cn
rewrite ^(.*)$ https://blog.ccku.cn permanent;
root html/blog;
index index.html
}
3.检查配置文件并重启服务验证
nginx -t
nginx -s reload
