By default, the SSL module is not installed. To use this module, You need to specify the-with-http_ssl_module parameter during compilation. The installation module depends on the OpenSSL library and some reference files, these files are usually not in the same software package. Generally, this file name is similar to libssl-Dev.
Generate Certificate
To generate a simple certificate, follow these steps:
First, go to the directory where you want to create the certificate and private key, for example:
- $ CD/usr/local/nginx/Conf
Create a server private key. The command will allow you to enter a password:
- $ OpenSSL genrsa-des3-out server. Key 1024
Create a CSR for the signature request ):
- $ OpenSSL req-New-key server. Key-out server. CSR
Remove the required password when loading SSL-supported nginx and using the above private key:
- $ CP server. Key server.key.org
- $ OpenSSL RSA-In server.key.org-out server. Key
Configure nginx
Finally, mark the certificate with the above private key and CSR:
- $ OpenSSL X509-req-days 365-in server. CSR-signkey server. Key-out server. CRT
Modify the nginx configuration file to include the newly marked certificate and private key:
- Server {
- SERVER_NAME your_domainname_here;
- Listen 443;
- SSL on;
- Ssl_certificate/usr/local/nginx/CONF/server. CRT;
- Ssl_certificate_key/usr/local/nginx/CONF/server. Key;
- }
Restart nginx.
In this way, you can access:
Https: // your_domainname_here