Nginx配置https - HelloWorld开发者社区

一、开启nginx的ssl模块
1.未安装过nginx，编译安装配置参数如下：
./configure
--prefix=/usr/local/nginx
--with-pcre
--with-http_ssl_module #ssl模块
--with-http_stub_status_module
--with-http_gzip_static_module
备注：
未开启ssl模块，nginx配置ssl后启动会出现问题the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf:37
原因是nginx缺少http_ssl_module模块，编译安装时带上--with-http_ssl_module配置就可以了

2.已经安装过nginx,想要添加模块
停止nginx：/usr/local/nginx/sbin/nginx -s stop
查看nginx原有的模块：/usr/local/nginx/sbin/nginx -V
切换到nginx源码包重新配置：
./configure
--prefix=/usr/local/nginx
--with-pcre
--with-http_ssl_module #ssl模块
--with-http_stub_status_module
--with-http_gzip_static_module
重新编译make，但不需要make install安装
备份原有已经安装好的nginx：cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
将编译好的nginx覆盖掉原来的nginx：cp ./objs/nginx /usr/local/nginx/sbin/
启动nginx，查看nginx模块是否添加：/usr/local/nginx/sbin/nginx -V　

二、创建https签名证书
创建证书存放目录：mkdir /usr/local/nginx/cert
创建私钥：openssl genrsa -des3 -out server.key 1024
创建签名请求证书：openssl req -new -key server.key -out server.csr
备份私钥：cp server.key server.key.org
去除私钥口令：openssl rsa -in server.key.org -out server.key
创建签名证书：openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

三、配置nginx的https
　　配置文件nginx.conf：
server {
listen 443 ssl;
server_name localhost;

ssl on
ssl_certificate /usr/local/nginx/cert/server.crt;
ssl_certificate_key /usr/local/nginx/cert/server.key;
ssl_session_timeout 1m;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3;

location / {
root html;
index index.html index.htm;
}
}

四、完成
检查配置文件是否正确：/usr/local/nginx/sbin/nginx -t
启动nginx：/usr/local/nginx/sbin/nginx
平滑重启nginx:/usr/local/nginx/sbin/nginx -s reload