Linux_352_Nginx部署https实战

部署https实践
1、创建Nginx需要的证书文件
确保机器安装了openssl和openssl-devel，创建证书
yum install openssl openssl-devel -y

2、确保nginx支持ssl模块，查看nginx编译信息即可
nginx -V

3、模拟证书颁发机构CA创建证书
进入nginx安装目录，便于管理证书
cd /opt/tngx232
mkdir key
cd key
(umask 077;openssl genrsa -out server1024.key 1024)

4、创建证书
openssl req -new -x509 -key server1024.key -out server.crt -days 365

在conf文件夹中建立443.conf
nginx默认的http虚拟主机80端口，且要支持转发到https的443端口
443https的虚拟主机配置，且支持证书认证

server {
    listen 80;
    server_name _;
    charset utf-8;
     rewrite ^(.*)$ https://$host$1 permanent;
    location / {
            root html;
            index index.html index.htm;
    }
}

server {
        server_name _;
        listen 443 ssl;
        ssl_certificate /opt/tngx232/key/server.crt;
        ssl_certificate_key /opt/tngx232/key/server1024.key;
        charset utf-8;
        location / {
         root html;
         index index.html index.htm;
}
}