Nginx Build HTTPS website below

An SSL certificate is a digital certificate that uses the secure Socket Layer protocol to establish a secure channel between the browser and the WEB server to achieve:
1, the data information between the client and the server encrypted transmission, to ensure the security of the transmission of information between the parties, can not be intercepted by third parties;
2. The user can verify that the website he visited is true and reliable through the server certificate.

I. Introduction to the Environment

Operating system: CentOS 7

ip:192.168.10.21

Ii. Deployment Steps

See if OpenSSL is installed

Rpm-qa | grep OpenSSL

Openssl-libs-1.0.1e-51.el7_2.7.x86_64

Openssl-1.0.1e-51.el7_2.7.x86_64

Create a private key

OpenSSL genrsa-out 192.168.10.21.key 2048

Create a certificate (CSR) for the signing request:

OpenSSL Req-new-key 192.168.10.21.key-out 192.168.10.21.CSR

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M02/91/EA/wKioL1j5c9LQETEbAADanaY8dow192.jpg-wh_500x0-wm_ 3-wmp_4-s_4115632669.jpg "title=" 12.jpg "alt=" Wkiol1j5c9lqetebaadanay8dow192.jpg-wh_50 "/>

View CSR

[email protected] ~]# ll 192.168.10.21.CSR

-rw-r--r--1 root root 952 Apr 10:48 192.168.10.21.CSR

Load the SSL-supported Nginx and remove the required password when using the above private key:

CP 192.168.10.21.key 192.168.10.21.key.org

OpenSSL rsa-in 192.168.10.21.key.org-out 192.168.10.21.key

Token certificate uses the above private key and CSR

OpenSSL x509-req-days 365-in 192.168.10.21.csr-signkey 192.168.10.21.key-out 192.168.10.21.crt

650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M01/91/EC/wKiom1j5eBqz9uXTAABEXtwv6wI307.jpg-wh_500x0-wm_ 3-wmp_4-s_2625300953.jpg "title=" 23.jpg "alt=" Wkiom1j5ebqz9uxtaabextwv6wi307.jpg-wh_50 "/>

Create an SSL directory

Mkdir-pv/etc/nginx/ssl

Copy certificate file

CP 192.168.10.21.CRT 192.168.10.21.key/etc/nginx/ssl

modifying Nginx configuration Files

Vim/etc/nginx/ssl

Change

# Settings for a TLS enabled server.

#

# server {

# Listen 443 SSL HTTP2 default_server;

# Listen [::]:443 SSL HTTP2 default_server;

# server_name _;

# root/usr/share/nginx/html;

#

# ssl_certificate "/ETC/PKI/NGINX/SERVER.CRT";

# ssl_certificate_key "/etc/pki/nginx/private/server.key";

# Ssl_session_cache shared:ssl:1m;

# ssl_session_timeout 10m;

# ssl_ciphers high:!anull:! MD5;

# ssl_prefer_server_ciphers on;

#

# # Load configuration files for the default server block.

# include/etc/nginx/default.d/*.conf;

#

# location/{

#        }

#

# Error_page 404/404.html;

# location =/40x.html {

#        }

#

# Error_page 502 503 504/50x.html;

# location =/50x.html {

#        }

#    }

For

server {

Listen 443 SSL HTTP2 default_server;

Listen [::]:443 SSL HTTP2 default_server;

server_name _;

root/usr/share/nginx/html;

Ssl_certificate "SSL/192.168.10.21.CRT";

Ssl_certificate_key "Ssl/192.168.10.21.key";

Ssl_session_cache shared:ssl:1m;

Ssl_session_timeout 10m;

Ssl_ciphers high:!anull:! MD5;

Ssl_prefer_server_ciphers on;

# Load configuration files for the default server block.

include/etc/nginx/default.d/*.conf;

Location/{

}

Error_page 404/404.html;

Location =/40x.html {

}

Error_page 502 503 504/50x.html;

Location =/50x.html {

}

}

Check the configuration file, reload

Nginx-t-c/etc/nginx/nginx.conf

Nginx-s Reload

Test

650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M00/91/EE/wKiom1j5gjTzYasNAAAbTO1D8bE714.jpg-wh_500x0-wm_ 3-wmp_4-s_1336890505.jpg "title=" 25.jpg "alt=" Wkiom1j5gjtzyasnaaabto1d8be714.jpg-wh_50 "/>

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M00/91/ED/wKioL1j5gsHypHcXAAC_Ftz6LpA618.jpg-wh_500x0-wm_ 3-wmp_4-s_2449796602.jpg "title=" 28.jpg "alt=" Wkiol1j5gshyphcxaac_ftz6lpa618.jpg-wh_50 "/>

This article is from the "Sdsca" blog, make sure to keep this source http://sdsca.blog.51cto.com/10852974/1918216

Nginx Build HTTPS website below