Prerequisite: nginx must be built with the SSL module.
[[email protected] conf]# openssl genrsa -out cert.key2 2048   # generate the private key file cert.key2
Generating RSA private key, 2048 bit long modulus
......................+++
..................................................................................+++
e is 65537 (0x10001)
[[email protected] conf]# openssl req -new -x509 -key cert.key2 -out cert.pem2   # use cert.key2 to generate the (self-signed) certificate file cert.pem2
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn   # from here, just keep pressing Enter
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:   # Slow down! The next prompt needs input.
Common Name (eg, your name or your server's hostname) []:www.wang.com   # enter your domain name
Email Address []:
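vim /usr/local/nginx/conf/nginx.conf   # edit the config file and add a server block; you can copy mine and adapt it
server {
    listen 443 ssl;                    # change the port as needed; "ssl" here replaces the deprecated "ssl on;" directive
    server_name www.wang.com;          # change to your domain
    ssl_certificate /usr/local/nginx/conf/cert.pem2;       # certificate file; make sure the path is right
    ssl_certificate_key /usr/local/nginx/conf/cert.key2;   # private key file; make sure the path is right
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root /var/www/html/web1;       # your site directory; an absolute path is best
        index index.html index.htm;    # index files
    }
}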
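Add a firewall rule that allows port 443.
When that is done, restart nginx (a reload sometimes is not enough), then run
netstat -anput | grep nginx
to check that nginx is listening on port 443.
Turn off the firewall and the kernel firewall.
Visit the site.
OK.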
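
The key and certificate steps above, as an added example that is not part of the original post: a non-interactive version that keeps the private key readable by its owner only, adds a subjectAltName next to the Common Name, and checks that certificate and key belong together before nginx is restarted. The function names are made up for this example, and -addext / -ext assume OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not the original author's commands.
# Assumption: OpenSSL 1.1.1+ (needed for -addext and -ext).

# make_selfsigned DIR HOSTNAME: writes DIR/cert.key2 and DIR/cert.pem2
make_selfsigned() {
    dir=$1; host=$2
    (
        umask 077    # the key file is created with mode 600
        openssl genrsa -out "$dir/cert.key2" 2048 2>/dev/null
    ) || return 1
    # -subj answers the Distinguished Name prompts in one go;
    # -addext adds the SAN entry that browsers match the hostname against.
    openssl req -new -x509 -key "$dir/cert.key2" -out "$dir/cert.pem2" \
        -days 365 -subj "/C=cn/CN=$host" \
        -addext "subjectAltName=DNS:$host" 2>/dev/null
}

# pair_matches CERT KEY: succeeds only if CERT carries KEY's public key.
# A mismatch here is what makes nginx refuse to start after the restart.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_names CERT: prints the subject and SAN so the hostname can be checked
cert_names() {
    openssl x509 -in "$1" -noout -subject -ext subjectAltName
}

# Usage (paths as in the post):
#   make_selfsigned /usr/local/nginx/conf www.wang.com
#   pair_matches /usr/local/nginx/conf/cert.pem2 /usr/local/nginx/conf/cert.key2 && echo "pair ok"
#   cert_names /usr/local/nginx/conf/cert.pem2
```
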
--------------------------------------------------------------------------------------
htpasswd -bc /usr/local/nginx/conf/htpasswd nginx 123456   # create the password file: user nginx, password 123456
chmod 400 /usr/local/nginx/conf/htpasswd
chown nginx /usr/local/nginx/conf/htpasswd   # to be a bit more secure
vim /usr/local/nginx/conf/nginx.conf
auth_basic "qing shu ru mi ma";   # description shown in the login prompt
auth_basic_user_file /usr/local/nginx/conf/htpasswd;   # path to the password file
Save and exit the config file, then restart nginx.