- 论坛徽章:
- 0
|
nginx + ssl 安装与配置
安装:
nginx-0.7.62.tar.gz openssl-0.9.8k.tar.gz pcre-7.9.tar.gz
openssl-0.9.8k
./configure
make make install
/usr/local/openssl
pcre-7.9.tar.gz
./configure
make make install
nginx-0.7.62.tar.gz
./configure --with-md5=/usr/lib --with-openssl=/home/admin/appli/openssl-0.9.8k(注: OPENSSL 原安装编译路径) --with-http_ssl_module
make make install
配置:
生成证书
#openssl genrsa -des3 -out privkey.pem 2048
# openssl req -new -key privkey.pem -out cert.csr(把cert.csr 发给CA机构 获得证书 UserCert.pem)
Generating RSA private key, 2048 bit long modulus
................................+++
....+++
e is 65537 (0x10001)
Enter pass phrase for privkey.pem:
Verifying - Enter pass phrase for privkey.pem:
#openssl req -new -key privkey.pem -out cert.csr
Enter pass phrase for privkey.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:cn
State or Province Name (full name) [Berkshire]:shanghai
Locality Name (eg, city) [Newbury]:shanghai
Organization Name (eg, company) [My Company Ltd]:abc
Organizational Unit Name (eg, section) []:tech
Common Name (eg, your name or your server's hostname) []:www.abc.com.cn
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
#
#more nginx.conf
server {
listen 443;
server_name www.abc.com.cn;
ssl on;
ssl_certificate /usr/local/nginx/conf/UserCert.pem;
ssl_certificate_key /usr/local/nginx/conf/privkey.pem;
.......
proxy_connect_timeout 90;
proxy_send_timeout 90;
client_max_body_size 128k;
client_body_buffer_size 128k;
}
#./nginx |
|
免费注册
发表于 2009-10-15 17:21