1. Configure the nginx Server
[root@iig conf]# cat nginx.conf
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name www.iigrowing.cn;
        location / {
            root www.iigrowing.cn;
            index index.html index.htm;
        }
    }
}
2. Generate a certificate
Change to the certificate directory with cd /etc/pki/tls/certs/, create the certificate key, and set a passphrase.
make rsyslog.key
[root@iig certs]# openssl rsa -in rsyslog.key -out rsyslog.key
Enter pass phrase for rsyslog.key:
writing RSA key
[root@iig certs]#
3. Create the certificate request rsyslog.csr
When creating it, enter the computer's host name as the Common Name; you can display it with the hostname command.
[root@iig certs]# hostname
iig.local.ftp
[root@iig certs]# make rsyslog.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key rsyslog.key -out rsyslog.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]: GB
State or Province Name (full name) [Berkshire]: beijing
Locality Name (eg, city) [Newbury]: beijing
Organization Name (eg, company) [My Company Ltd]: www.iigrowing.cn
Organizational Unit Name (eg, section) []: iigrowing
Common Name (eg, your name or your server's hostname) []: iig.local.ftp
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
4. Issue the certificate by self-signing the request
Because the certificate is generated locally and is not issued by a public certificate authority (CA), the browser shows a warning on access. We can add the certificate to the trusted certificate authorities.
[root@iig certs]# openssl x509 -in rsyslog.csr -req -signkey rsyslog.key -days 365 -out rsyslog.crt
Signature ok
subject=/C=GB/ST=beijing/L=beijing/O=www.iigrowing.cn/OU=iigrowing/CN=iig.local.ftp
Getting Private key
[root@iig certs]#
5. Modify the nginx configuration file
Modify the configuration file. We can copy the default SSL server block into the virtual host we created (it is not enabled by default) and then adjust the paths. The complete configuration follows. Remember to restart the service.
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name www.iigrowing.cn;
        location / {
            root www.iigrowing.cn;
            index index.html index.htm;
        }
    }
    server {
        listen 443;
        server_name www.iigrowing.cn;
        ssl on;
        ssl_certificate /etc/pki/tls/certs/rsyslog.crt;
        ssl_certificate_key /etc/pki/tls/certs/rsyslog.key;
        ssl_session_timeout 5m;
        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers on;
        location / {
            root www.iigrowing.cn;
            index index.html index.htm;
        }
    }
}
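A hardened version of the port-443 server block above, as an added example that is not part of the original tutorial: the original ssl_protocols and ssl_ciphers lines still allow SSLv2/SSLv3 and, because the cipher string starts from ALL, export-grade, LOW and RC4 suites. It assumes nginx 1.13.0 or later built against OpenSSL 1.1.1 or later (needed for TLSv1.3); the server name and certificate paths are the tutorial's.

```nginx
# Added example: replacement for the port-443 server block in step 5.
# Assumption: nginx 1.13.0+ with OpenSSL 1.1.1+; on older builds,
# remove TLSv1.3 from ssl_protocols.
server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive.
    listen 443 ssl;
    server_name www.iigrowing.cn;

    # Same certificate and key files as created in steps 2 to 4.
    ssl_certificate     /etc/pki/tls/certs/rsyslog.crt;
    ssl_certificate_key /etc/pki/tls/certs/rsyslog.key;

    ssl_session_timeout 5m;

    # SSLv2 and SSLv3 are broken and TLSv1 is deprecated;
    # offer only TLS 1.2 and TLS 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Keep only strong suites; exclude unauthenticated (aNULL)
    # and MD5-based ones instead of starting from ALL.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root  www.iigrowing.cn;
        index index.html index.htm;
    }
}
```

Check the syntax with nginx -t before restarting the service.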
6. Test the HTTPS protocol
Create the .txt file in the following directory. The content is as follows:
Open your browser and enter the address: https://www.iigrowing.cn/a.txt
Display result