To configure the Nginx configuration file/etc/nginx/nginx.conf First, enable the SSL feature as follows:
[email protected] ~]# vim/etc/nginx/nginx.conf
650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M02/9D/BE/wKiom1mFMmfyn-i8AAS1umLdSKM106.jpg "title=" 1.jpg "alt=" Wkiom1mfmmfyn-i8aas1umldskm106.jpg "/>
The certificate path in is used relative path, in order to avoid errors, the relative path is modified to absolute path such as:
650) this.width=650; "src=" https://s4.51cto.com/wyfs02/M00/9D/BE/wKioL1mFM3-TCIUBAADDJ6dFPVg197.jpg "title=" 2.jpg "alt=" Wkiol1mfm3-tciubaaddj6dfpvg197.jpg "/>
Edit the certificate openssl.cnf, make sure that the certificate path is correct, and then save the exit:
[email protected] ~]# vim/etc/pki/tls/openssl.cnf
650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M00/9D/BE/wKiom1mFNBfAHI77AADpYCi2xmc865.jpg "title=" 2.jpg "alt=" Wkiom1mfnbfahi77aadpyci2xmc865.jpg "/>
Verify that the certificate-related directories under the CA path are:
[email protected] ~]# Cd/etc/pki/ca
[email protected] ca]# ls #下面四个目录必须都存在 (nginx server is established by default)
Certs CRL Newcerts Private
[email protected] ca]# ls private/#查看是否有私钥文件
[Email protected] ca]# (umask 077; OpenSSL genrsa 2048 > Private/cakey.pem) #生成一个私钥证书
Generating RSA private key, 2048 bit long modulus
.............+++
............+++
E is 65537 (0x10001)
[Email protected] ca]# OpenSSL req-new-x509-key private/cakey.pem-out cacert.pem #针对cakey. Pem This private key certificate generates a self-visa book. The relevant content is entered as follows
650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M01/9D/BF/wKiom1mFP-mzQUh6AASu4HKzWpw169.jpg "title=" 2.jpg "Width=" height= "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:700px;height:230px; "alt=" Wkiom1mfp-mzquh6aasu4hkzwpw169.jpg "/>
[[email protected] ca]# ls
Cacert.pem certs CRL newcerts private
[email protected] ca]# touch serial
[email protected] ca]# echo > serial
[email protected] ca]# Touch index.txt
[email protected] ca]# Cd/etc/nginx
[[email protected] nginx]# mkdir SSL
[[email protected] nginx]# CD SSL
[email protected] ssl]# (umask 077;openssl genrsa > Nginx.key) #生成一个私钥
Generating RSA private key, 1024x768 bit long modulus
...........................++++++
.. ++++++
E is 65537 (0x10001)
[email protected] ssl]# OpenSSL req-new-key nginx.key-out NGINX.CSR
650) this.width=650; "src=" https://s1.51cto.com/wyfs02/M00/9D/C1/wKiom1mFX4vg30JsAAWLL7DfjFo887.jpg "title=" 2.jpg "Width=" "height=" 329 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" WIDTH:700PX;HEIGHT:329PX; "alt=" Wkiom1mfx4vg30jsaawll7dfjfo887.jpg "/>
[[email protected] SSL] OpenSSL ca-in nginx.csr-out nginx.crt-days 3650
650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M01/9D/C1/wKioL1mFYHTQalLeAATbMrPRi-k304.jpg "title=" 2.jpg "alt=" Wkiol1mfyhtqalleaatbmrpri-k304.jpg "/>
[email protected] ssl]# Service Nginx Restart
650) this.width=650; "src=" https://s4.51cto.com/wyfs02/M01/9D/C1/wKioL1mFYqeyA_jkAASqL5Dv36o621.jpg "title=" 2.jpg "Width=" "height=" 292 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:700px;height:292px; "alt=" Wkiol1mfyqeya_ Jkaasql5dv36o621.jpg "/>
[email protected] ssl]# cd/usr/html/#进入网页保存目录, create a new SSL
[[email protected] html]# ls
50x.html index.html test test1 test2 test3
[email protected] html]# mkdir SSL
[[email protected] html]# ls
50x.html index.html SSL test test1 test2 test3
[email protected] html]# CD SSL
[email protected] ssl]# vim index.html #编辑ssl主页
[email protected] ssl]# Service Nginx Restart
Nginx:the configuration file/etc/nginx/nginx.conf syntax is OK
Nginx:configuration file/etc/nginx/nginx.conf Test is successful
stopping nginx: [OK]
Starting nginx: [OK]
* Web Hosting path is/usr/html/ssl, so the/etc/nginx/nginx.conf configuration file in the SSL service in the location of the
Root path is/usr/html/ssl
The results are then accessed through the client:
650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M02/9D/C2/wKioL1mFasyQ9fkTAAD3NhlWPOU865.jpg "style=" width : 700px;height:199px; "title=" 2.jpg "width=" "height=" 199 "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiol1mfasyq9fktaad3nhlwpou865.jpg "/>
650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M01/9D/C2/wKioL1mFas3QICbOAACMZG9THBs200.jpg "style=" float : none; "title=" 1.jpg "alt=" Wkiol1mfas3qicboaacmzg9thbs200.jpg "/>
Nginx Domain Access function, as long as the server field is modified in the nginx.conf configuration file, as follows:
650) this.width=650; "src=" https://s4.51cto.com/wyfs02/M00/9D/C3/wKiom1mFgi7wxw41AAKzCD9qhPg473.jpg "title=" 1.jpg "alt=" Wkiom1mfgi7wxw41aakzcd9qhpg473.jpg "/>
Add Nginx virtual host function, configure nginx.conf file to increase server field
650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M02/9D/C4/wKiom1mFgyXT7TnhAAEQhdZRbYM833.jpg "title=" 2.jpg "alt=" Wkiom1mfgyxt7tnhaaeqhdzrbym833.jpg "/>
Restart the Nginx service and add the following two lines of domain name resolution to the host hosts you are visiting:
10.109.134.252 www.c.com
10.109.134.252 www.a.com
The test results are as follows:
650) this.width=650; "src=" https://s5.51cto.com/wyfs02/M02/9D/DF/wKiom1mH_cOjsHqYAABlIZPnIlQ624.jpg "title=" 2.jpg "alt=" Wkiom1mh_cojshqyaablizpnilq624.jpg "/>
650) this.width=650; "src=" https://s3.51cto.com/wyfs02/M01/9D/DF/wKiom1mH_0iiN5usAAC2mZ6X8Yw525.jpg "title=" 2.jpg "alt=" Wkiom1mh_0iin5usaac2mz6x8yw525.jpg "/>
This article is from the "Learn Linux history" blog, please be sure to keep this source http://woyaoxuelinux.blog.51cto.com/5663865/1954186
Linux command: Nginx enable SSL feature setting and virtual host