CentOS under Nginx Support HTTPS protocol

1, the first configuration nginx and other plug-ins, this Google, a lot of configuration options.

2. Configure the server's certificate. The procedure is as follows:

[Email protected] ~]# cd/etc/pki/tls/certs [[email protected] certs]# MakeServer.key umask the ; /usr/bin/openssl genrsa-aes1282048>server.keygenerating RSA private key,2048BitLongModulus ..... ..... ..... ..... ... .. ................-.....-........++++++.............++++++e is61251(0x10001) Enter Pass phrase:# set passphraseverifying-Enter Pass phrase:# confirm# remove passphrase from private key[[email protected] certs]# OpenSSL RSA-inchServer.key-Out Server.key Enter pass phrase forserver.key:# input passphrasewriting RSA key[[email protected] certs]#[[email protected] certs]# MakeSERVER.CSR umask the ; /usr/bin/openssl Req-utf8-new-key Server.key-Out Server.csryou is about to being asked to enter information that'll be Incorporatedinto your certificate request. What's about-to-enter is called a distinguished Name or a DN. There is quite a few fields but can leave some blankfor some fields there would be a default value,if you enter'.'The field would be a left blank.-----Country Name (2Letter Code) [Xx]:cn #countryState or province name (full name) [e]:beijing #stateLocality name (eg, city) [Default city]:beijing #c Ityorganization name (eg, company) [Default company Ltd]:test #companyOrganizational Unit Name (eg, section) []:test Hah A #departmentCommon Name (eg, your server's hostname) []:www.test.com #server's Fqdnemail Address []:[email protected] # email Addressplease Enter the following'Extra'Attributesto be sent with your certificate Requesta challenge password []:# Enteran optional Company name []:# enter[ [Email protected] certs]#[[email protected] certs]# OpenSSL x509-inchServer.csr-out Server.crt-req-signkey Server.key-days3650Signature Oksubject=/c=cn/st=beijing/l=beijing/o=test/ou=test haha/cn=www.test.com,/emailaddress=[email protected]
Getting Private key[[email protected] certs]#chmod  -Server.*

3. Configure Nginx conf file

The Nginx of my test machine is installed in the/data/server/nginx directory, the configuration file is under the/data/server/nginx/conf/directory.

VI nginx.conf

The SSL section is configured as follows

    server {        #listen       ;        Listen         default_server;        Listen       443  SSL;        server_name  localhost;        Ssl_certificate      /etc/pki/tls/certs/server.crt;        Ssl_certificate_key  /etc/pki/tls/certs/server.key;        #charset Koi8-R;

Reload the configuration file.

4. Open the 443 port of CentOS with Iptables

VI /etc/sysconfig/iptables

Add a row

443 -j ACCEPT

Restart the Iptables service.

CentOS under Nginx Support HTTPS protocol