CentOS Nginx搭建https测试环境

1.查看是否已经安装 ssl 组件

[root@localhost wwwlogs]# cd /usr/local/nginx/sbin/

[root@localhost sbin]# ./nginx -V

nginx version: nginx/1.0.15

built by gcc 4.1.2 20080704 (Red Hat 4.1.2-52)

TLS SNI support disabled

configure arguments: --user=www --group=www--prefix=/usr/local/nginx --with-http_stub_status_module--with-http_ssl_module --with-http_gzip_static_module--with-ipv6

如果已经有了 http_ssl_module 则表示已经安装.若没有, 则要重新编译一安装nginx

2.生成 key  (在/usr/local/nginx/conf目录下可以是/usr/local/nginx/conf/xxx)

[root@localhost sbin]# cd /usr/local/nginx/conf/

[root@localhost conf]# openssl genrsa -des3 -out server.key 1024

Generating RSA private key, 1024 bit long modulus

.......++++++

..........................................++++++

e is 65537 (0x10001)

Enter pass phrase for server.key:abcd

Verifying - Enter pass phrase for server.key:abcd

3.生成证书

[root@localhost conf]# openssl req -new -key server.key -out server.csr

Enter pass phrase for server.key:abcd

You are about to be asked to enter information that will beincorporated

into your certificate request.

What you are about to enter is what is called a DistinguishedName or a DN.

There are quite a few fields but you can leave someblank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [GB]:CN

State or Province Name (full name) [Berkshire]:beijing

Locality Name (eg, city) [Newbury]:chaoyang

Organization Name (eg, company) [My Company Ltd]:test

Organizational Unit Name (eg, section) []:web

Common Name (eg, your name or your server's hostname)[]:test

Email Address []:test@test.cn

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:1qazxsw23edc

An optional company name []:testcomp

[root@localhost conf]# cp server.key server.key.org

[root@localhost conf]# openssl rsa -in server.key.org -out server.key

Enter pass phrase for server.key.org:abcd

writing RSA key

[root@localhost conf]# openssl x509 -req -days 365 -inserver.csr -signkey server.key -out server.crt

Signature ok

subject=/C=CN/ST=beijing/L=chaoyang/O=easymobi/OU=web/CN=sunyu/emailAddress=sunyu@easymobi.cn

Getting Private key

4.配置 nginx

在配置文件中加入:

server

{

listen      443;

server_name test.test.cn;

index index.html index.htm index.php;

root  /home/wwwroot/vegtest/;

ssl on;

ssl_certificate /usr/local/nginx/conf/server.crt;

ssl_certificate_key /usr/local/nginx/conf/server.key;

}

此处注意 :

1    只能有一个https域名的配置   如果多个把原先的加#号注释掉

2 /etc/hosts文件 windows下的hosts文件 指向域名的 ip地址

5.重启nginx服务

[root@localhost conf]# service nginx restart

然后访问 https://test.test.cn 即可看到效果.