nginx中ssl模块

nginx的http的ssl模块

Module ngx_http_ssl_module

To reduce the processor load it is recommended to
   .set the number of worker processes equal to the number of processors,
   .enable keep-alive connections,
   .enable the shared session cache,
   .disable the built-in session cache,
   .and possibly increase the session lifetime (by default, 5 minutes)

Example

worker_processes auto;

http {
...

server {
    listen              443 ssl;
    keepalive_timeout   70;

    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
    ssl_certificate     /usr/local/nginx/conf/cert.pem;
    ssl_certificate_key /usr/local/nginx/conf/cert.key;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    ...
}

Example

一、生成证书

# 1、首先,进入你想创建证书和私钥的目录,例如:
 cd /etc/nginx/

# 2、创建服务器私钥,命令会让你输入一个口令:
openssl genrsa -des3 -out server.key 1024

# 3、创建签名请求的证书(CSR):
openssl req -new -key server.key -out server.csr

# 4、在加载SSL支持的Nginx并使用上述私钥时除去必须的口令:
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key


# 5、最后标记证书使用上述私钥和CSR:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt


二、配置http跳转
    server {
        listen       443 ssl;
        ssl_certificate      /etc/nginx/server.crt;
        ssl_certificate_key  /etc/nginx/server.key;
        ssl_session_timeout  5m;

        location / {
            root   html;
        }
    }

    server {
        listen       80;

        location ~ /services/.*$ {
            if ($server_port ~ "^80$"){
                set $rule_0 1$rule_0;
            }
            if ($rule_0 = "1"){
                rewrite /(.*) https://IP地址/$1 permanent;     
            }
        }
    }

浏览器当访问http://ip/test地址跳转到https://ip/test

参考:
http://blog.youkuaiyun.com/weixin_35884835/article/details/52588157
http://www.linuxidc.com/Linux/2013-05/84477p2.htm

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值