Ubuntu下配置Nginx HTTPS

最新推荐文章于 2024-12-05 09:10:08 发布

混沌极致

最新推荐文章于 2024-12-05 09:10:08 发布

阅读量3.4k

点赞数

本文链接：https://blog.youkuaiyun.com/marujunyy/article/details/8866214

版权

ubuntu server 同时被 3 个专栏收录

43 篇文章

订阅专栏

Nginx

7 篇文章

订阅专栏

Redmine

5 篇文章

订阅专栏

在安装redmine的时候考虑到安全性的问题，所以决定使用nginx配置https连接。

如何安装redmine：http://blog.youkuaiyun.com/marujunyy/article/details/8865857

下面记录下Nginx配置HTTPS的方法：

1、首先确认Nginx支持OpenSSL模块 : sudo /opt/nginx/sbin/nginx -V

nginx version: nginx/1.4.0
built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) 
TLS SNI support enabled
configure arguments: --prefix=/opt/nginx --with-http_ssl_module --with-http_gzip_static_module --with-cc-opt=-Wno-error --with-pcre=/tmp/root-passenger-19175/pcre-8.31 --add-module=/var/lib/gems/1.8/gems/passenger-3.0.19/ext/nginx

如果没有发现–with-http_ssl_module这个编译参数，说明不支持。Nginx默认是不支持SSL的，需要加入–with-http_ssl_module参数重新编译。

2、生成自签名证书： sudo apt-get install openssl

cd /opt/nginx/conf
sudo openssl genrsa -des3 -out server.key 1024
sudo openssl req -new -key server.key -out server.csr
sudo openssl rsa -in server.key -out server_nopwd.key
sudo openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt

我只在第一步生成server.key的时候设置了密码。我为了省事除了在需要验证密码的时候需要输入第一步设置的密码外，在其他的地方一路回车。当然你也可以输入详细的信息：

proto@ubuntu:~$ sudo openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:   ←输入第一步中生成server.key时设置的密码
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN　←输入国家代码
State or Province Name (full name) [Some-State]:CHONGQING　← 输入省名
Locality Name (eg, city) []:CHONGQING　←输入城市名
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MIKE　← 输入公司名
Organizational Unit Name (eg, section) []:MIKE　← 输入组织单位名
Common Name (eg, YOUR name) []:www.mike.me　← 输入主机名
Email Address []:easylife206@gmail.com　←输入电子邮箱地址

3、配置Nginx HTTPS访问：

   server {
        listen       443;
        server_name  192.168.1.112;
        root /srv/www;
        index index.php index.html index.htm;
       location /redmine {
           root /var;
           passenger_enabled   on;
           passenger_base_uri  /redmine;
        }
        location /phpmyadmin {
           alias  /srv/www/phpmyadmin;
        }
        location ~ \.php$ {
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /srv/www/$fastcgi_script_name;
            include        fastcgi_params;
        }
        ssl                  on;
        ssl_certificate      /opt/nginx/conf/server.crt;
        ssl_certificate_key  /opt/nginx/conf/server_nopwd.key;
        rails_spawn_method smart;
        rails_app_spawner_idle_time 0;
        rails_framework_spawner_idle_time 0;
        client_max_body_size 120m;
    }

OK,然后我们重新加载下nginx配置文件： sudo /opt/nginx/sbin/nginx -s reload

现在我们输入：https://serverIP/redmine/login 就可以访问了：