openssl自签证书

1、安装nginx

yum -y install make zlib zlib-devel gcc-c++ libtool  openssl openssl-devel  wget pcre pcre-devel

openssl自签证书

wget http://nginx.org/download/nginx-1.14.2.tar.gz

openssl自签证书

tar -zxvf nginx-1.14.2.tar.gz
cd nginx-1.14.2
./configure --with-http_stub_status_module --with-http_ssl_module
make
make install

检查Nginx的SSL模块

/usr/local/nginx/sbin/nginx -V

openssl自签证书

准备私钥和证书

创建私钥：

cd /usr/local/nginx

mkdir -p ssl

cd ssl/

openssl genrsa -des3 -out server.key 1024

openssl自签证书

签发证书：

openssl req -new -key server.key -out server.csr

openssl自签证书

删除私钥口令：

cd /usr/local/nginx/ssl

cp server.key server.key.ori

openssl rsa -in server.key.ori -out server.key

openssl自签证书

生成使用签名请求证书和私钥生成自签证书：

openssl自签证书

开启Nginx SSL：

创建虚拟主机子目录：

mkdir -p /usr/local/nginx/conf/conf.d

# 精简主配置文件
cat >/usr/local/nginx/conf/nginx.conf<<EOF
user  nobody;
worker_processes  1;
events {
	worker_connections  1024;
}
http {
	include       mime.types;
	default_type  application/octet-stream;
	sendfile        on;
	keepalive_timeout  65;
	include conf.d/*.conf;
}
EOF

openssl自签证书

启动nginx：

/usr/local/nginx/sbin/nginx

openssl自签证书

创建虚拟主机子配置文件：

cat >/usr/local/nginx/conf/conf.d/hack.conf<<EOF
server {
    listen       443 ssl;
    server_name  www.hack.com;
    ssl on;
    ssl_certificate /usr/local/nginx/ssl/server.crt;
    ssl_certificate_key /usr/local/nginx/ssl/server.key;

    location / {
    #定义站点目录
        root   /usr/local/nginx/html;
        index index.php  index.html index.htm;
    }
}
EOF

openssl自签证书

重新加载配置文件：

/usr/local/nginx/sbin/nginx -t

/usr/local/nginx/sbin/nginx -s reload

openssl自签证书

绑定windows的hosts：

openssl自签证书

10.0.0.43 www.hack.com

上传 hack.html 到/usr/local/nginx/html目录

openssl自签证书

rewrite跳转:

cat >/usr/local/nginx/conf/conf.d/hack.conf<<\EOF
server {
    listen 80;
    server_name www.hack.com;
    rewrite ^(.*) https://$server_name$1 permanent;
}

server {
    listen       443 ssl;
    server_name  www.hack.com;
    ssl on;
    ssl_certificate /usr/local/nginx/ssl/server.crt;
    ssl_certificate_key /usr/local/nginx/ssl/server.key;


    location / {
    #定义站点目录
        root   /usr/local/nginx/html;
        index index.php  index.html index.htm;
    }
}
EOF

重新加载配置文件：

/usr/local/nginx/sbin/nginx -t

/usr/local/nginx/sbin/nginx -s reload