步骤:
1.生成一个权威的ssl证书对(如果自己颁发的话,那么https是不被浏览器认可的,就是https上面会有一个大红叉)
推荐一个免费的网站:https://www.startssl.com/
startssl的操作教程看这个:http://www.freehao123.com/startssl-ssl/
2.根据ssl.key和ssl.crt部署nginx
首先nginx需要支持ssl_module,然后修改nginx.conf如下
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate /opt/tengine/conf/ssl/free4lab.crt;
ssl_certificate_key /opt/tengine/conf/ssl/free4lab_nopass.key;
ssl_session_timeout 5m;
}
在相应的位置放置crt文件和key文件,注意到这边的key是nopassword的,就是重启nginx的时候,不需要输入密码。
3.修改相应的服务配置文件,监听443端口
http { include mime.types; default_type application/octet-stream; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; proxy_connect_timeout 600; proxy_read_timeout 600; proxy_send_timeout 600; proxy_buffer_size 16k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_max_temp_file_size 64k; log_format access '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" $http_x_forwarded_for'; upstream test { server 192.168.68.5:8080; } server { listen 443 ssl; server_name www.test.com; ssl on; ssl_certificate /usr/local/nginx/server.crt; ssl_certificate_key /usr/local/nginx/server.nopass.key; access_log logs/test.log combined; location / { proxy_next_upstream http_502 http_504 error timeout invalid_header; proxy_pass http://test; proxy_redirect off; proxy_set_header Host www.test.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-proto https; index index.htm index.html index.php;
}
}
}
这样访问 https://your domain .com,https上头的标就是绿色的了!
