1. Generate the key file:
openssl genrsa -out ssl.key 2048
# When prompted for a password, just press Enter for now.
# Do not set a password in a test environment; it is a hassle to enter a password every time you debug.
2. Use the key to generate a CSR file:
openssl req -new -key ssl.key -out ssl.csr
# In a test environment, press Enter at every prompt.
3. Issue the certificate with the CSR file and the key file:
openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt
# This generates an ssl.crt certificate file.
4. Modify the NGINX configuration file
# The nginx compiled earlier already supports the SSL module by default.
# If unsure, you can view the version and compile parameters with nginx -V
Two methods:
1. Implement on the load balancer server
2. Implement on the actual web server
Here it is implemented on the load balancer server:
In the nginx.conf configuration file:
Change listen to 443:
listen 10.0.0.3:443;
Then add the following to the server block:
### https
ssl on;   # obsolete since nginx 1.15.0; newer versions use the ssl parameter of listen instead
ssl_certificate /application/nginx/ssl/ssl.crt;
ssl_certificate_key /application/nginx/ssl/ssl.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
### end
Finally, add a server block that redirects HTTP to HTTPS, so that page jumps do not fall back to http each time:
server {
    listen 10.0.0.3:80;
    server_name www.george.com;
    rewrite ^/(.*) https://www.george.com/$1 permanent;
}
Restart Nginx and test: successful (because this is a local test, the browser will still warn that the site is insecure, but HTTPS access works).
1. After HTTPS is enabled, an exception is displayed each time the URL is visited
This happens because when an https page loads an http resource, the browser considers it an unsafe resource and blocks it by default, which leads to incomplete resources: pictures cannot be displayed, styles cannot be loaded, JS fails to load. Because style files are basically kept locally, they are generally fine, but some common JS files often live on a CDN or other servers; if those cannot be reached, the business may be completely unable to operate.
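One way to find these http references before switching a site to HTTPS, as an added example that is not part of the original post: a Node.js scan of a page's HTML for JS, stylesheet and image URLs still loaded over plain http. The function name findMixedContent, the sample HTML and the host cdn.example.net are assumptions made for illustration.

```javascript
// Added example: list subresources that an https page still references over http.
// Coverage is limited to the kinds the text names: JS, styles and images.
const RESOURCE_TAGS = {
  script: { attr: 'src', kind: 'js' },
  link: { attr: 'href', kind: 'style' },
  img: { attr: 'src', kind: 'image' },
};

function findMixedContent(html, pageHost) {
  const findings = [];
  const tagRe = /<(script|link|img)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attrs = m[2];
    const { attr, kind } = RESOURCE_TAGS[tag];
    // <link> is only a resource load here when it pulls in a stylesheet
    if (tag === 'link' && !/\brel\s*=\s*["']?stylesheet/i.test(attrs)) continue;
    // Require whitespace before the name so data-src / data-href are not matched
    const am = new RegExp(`(?:^|\\s)${attr}\\s*=\\s*["']?([^"'\\s>]+)`, 'i').exec(attrs);
    if (!am) continue;
    let url;
    // Resolve relative and protocol-relative URLs against the https page itself
    try { url = new URL(am[1], `https://${pageHost}/`); } catch { continue; }
    if (url.protocol !== 'http:') continue; // https and relative URLs are fine
    findings.push({ kind, url: url.href, thirdParty: url.hostname !== pageHost });
  }
  return findings;
}

// Constructed sample page, as it would be served from https://www.george.com/
const SAMPLE_HTML = `
<link rel="stylesheet" href="/static/site.css">
<link rel="canonical" href="http://www.george.com/">
<script src="http://cdn.example.net/jquery.min.js"></script>
<script src="//cdn.example.net/app.js"></script>
<img data-src="http://www.george.com/lazy.png" src="https://www.george.com/logo.png">
<img src="http://www.george.com/banner.png">
<a href="http://www.george.com/about">About</a>
`;

console.log(findMixedContent(SAMPLE_HTML, 'www.george.com'));
```

Entries with thirdParty set to true are the CDN-style references described above; those hosts must themselves serve the file over https before the URL can be changed.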