nginx的http的ssl模块
Module ngx_http_ssl_module
To reduce the processor load it is recommended to
.set the number of worker processes equal to the number of processors,
.enable keep-alive connections,
.enable the shared session cache,
.disable the built-in session cache,
.and possibly increase the session lifetime (by default, 5 minutes)
Example
worker_processes auto;
http {
...
server {
listen 443 ssl;
keepalive_timeout 70;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ssl_certificate /usr/local/nginx/conf/cert.pem;
ssl_certificate_key /usr/local/nginx/conf/cert.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
...
}
Example
一、生成证书
# 1、首先,进入你想创建证书和私钥的目录,例如:
cd /etc/nginx/
# 2、创建服务器私钥,命令会让你输入一个口令:
openssl genrsa -des3 -out server.key 1024
# 3、创建签名请求的证书(CSR):
openssl req -new -key server.key -out server.csr
# 4、在加载SSL支持的Nginx并使用上述私钥时除去必须的口令:
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
# 5、最后标记证书使用上述私钥和CSR:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
二、配置http跳转
server {
listen 443 ssl;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
ssl_session_timeout 5m;
location / {
root html;
}
}
server {
listen 80;
location ~ /services/.*$ {
if ($server_port ~ "^80$"){
set $rule_0 1$rule_0;
}
if ($rule_0 = "1"){
rewrite /(.*) https://IP地址/$1 permanent;
}
}
}
浏览器当访问http://ip/test地址跳转到https://ip/test
参考:
http://blog.youkuaiyun.com/weixin_35884835/article/details/52588157
http://www.linuxidc.com/Linux/2013-05/84477p2.htm