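Configuring an SSL Certificate for Nginx on CentOS 7

Prerequisites:

An ECS server or a VPS server

A KEY and CSR generated on the server

A purchased SSL certificate

1. First, cd to the Nginx directory and create a folder named ssl

[root@adminaroot ~]# mkdir -p /usr/local/nginx/ssl && cd /usr/local/nginx/ssl

2. Generate the two files, the KEY and the CSR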

[root@adminaroot ~]/usr/local/nginx/ssl/# openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

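Country Name (2 letter code) [AU]:CN // country code
State or Province Name (full name) [Some-State]: JS // province abbreviation
Locality Name (eg, city) []:SZ // city abbreviation
Organization Name (eg, company) [Internet Widgits Pty Ltd]: // optional
Organizational Unit Name (eg, section) []: // optional
Common Name (eg, YOUR name) []: adminaroot.cn // enter your domain name; the www and non-www names are different
Email Address []: // your email address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: // optional
An optional company name []: // optional

3. You will get two files named server.key and server.csr. Put both files in the ssl directory created earlier, then view the contents of the newly generated CSR file. server.key is the private key and must stay on the server.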

[root@adminaroot ~]/usr/local/nginx/ssl/#cat server.csr


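4. When purchasing the SSL certificate (https://www.namecheap.com/security/ssl-certificates.aspx), you need to copy the entire contents of server.csr to activate the certificate; only then will a valid certificate be issued to you. Once you have the valid certificate, combine the issued files into a new certificate file named adminaroot.crt, with the server certificate first and the CA bundle after it (nginx expects the server certificate to come first in the combined file), and put the new adminaroot.crt file in the ssl directory

[root@adminaroot ~]/usr/local/nginx/ssl/#cat adminaroot_cn.crt adminaroot_cn.ca-bundle > adminaroot.crt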

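Steps 1 to 4 above leave you with 4 certificate files: server.csr | server.key | adminaroot_cn.ca-bundle | adminaroot_cn.crt | adminaroot.crt

6. Configure the SSL certificate in the Nginx configuration file. First, locate the Nginx configuration file nginx.conf under the nginx directory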

[root@adminaroot ~]#cd /usr/local/nginx/conf/

[root@adminaroot ~]/usr/local/nginx/conf/#vim nginx.conf

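7. Add the content marked with the red box (reproduced below) to the Nginx configuration file, then save the configuration and exit

listen 443 ssl;
# location of the SSL certificate and its private key
ssl_certificate /usr/local/nginx/ssl/adminaroot.crt;
ssl_certificate_key /usr/local/nginx/ssl/server.key;
server_name adminaroot.cn;

# force a permanent 301 redirect from http to https
# (takes effect only if this server block also listens on port 80)
if ($scheme = http) {
    return 301 https://$host$request_uri;
}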

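8. After all settings are configured, it is good practice to check for errors and handle any exceptions. The following commands check whether the Nginx configuration has syntax or other problems and then reload it

[root@adminaroot ~]/usr/local/nginx/conf/#nginx -t # check for errors

[root@adminaroot ~]/usr/local/nginx/conf/#nginx -s reload # reload the configuration file so it takes effect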
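
nginx pairs ssl_certificate_key with the first certificate in the ssl_certificate file, so the order used when combining the files in step 4 decides whether the key and certificate match. The script below is an added example, not part of the original tutorial: it compares public-key fingerprints of a key, a CSR and the first certificate in a bundle, using a throwaway CA and certificate it constructs itself. The function names (pubkey_fp, bundle_matches_key, make_demo_files), the test CA and the name example.test are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): checks to run before reloading nginx.

# Print the SHA-256 of the public key inside a private key, CSR or certificate.
# For a bundle, openssl x509 reads only the FIRST certificate in the file.
pubkey_fp() {  # usage: pubkey_fp key|csr|cert FILE
  local pem
  case "$1" in
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac
  [ -n "$pem" ] || return 1           # unreadable file or wrong file type
  printf '%s\n' "$pem" | openssl sha256
}

# Succeed only if the first certificate in BUNDLE carries KEY's public key.
bundle_matches_key() {  # usage: bundle_matches_key KEY BUNDLE
  local k c
  k=$(pubkey_fp key "$1") && c=$(pubkey_fp cert "$2") && [ "$k" = "$c" ]
}

# Constructed sample data: a throwaway CA and a certificate it signs, written
# to a temp directory whose path is printed. All names here are illustrative.
make_demo_files() {
  local d; d=$(mktemp -d) || return 1
  ( cd "$d" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
      -subj "/CN=Constructed Test CA" -days 1 &&
    openssl req -new -newkey rsa:2048 -nodes -keyout server.key \
      -out server.csr -subj "/CN=example.test" &&
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
      -CAcreateserial -out leaf.crt -days 1 &&
    cat leaf.crt ca.crt > good.crt &&   # server certificate first
    cat ca.crt leaf.crt > bad.crt       # CA certificate first
  ) >/dev/null 2>&1 || return 1
  echo "$d"
}

d=$(make_demo_files) || { echo "openssl could not create demo files" >&2; exit 1; }
for f in good.crt bad.crt; do
  if bundle_matches_key "$d/server.key" "$d/$f"; then
    echo "$f: first certificate matches server.key"
  else
    echo "$f: first certificate does NOT match server.key"
  fi
done
rm -rf "$d"
```

On the real files, the same check is bundle_matches_key server.key adminaroot.crt, run in the ssl directory before nginx -t.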


When reposting, please credit the source: https://www.freearoot.com/index.php/nginx配置ssl证书教程.html