Nginx服务器虚拟主机ssl加密

• 步骤一：配置SSL虚拟主机

• 1）生成私钥与证书

[[email protected] ~]# cd /usr/local/nginx/conf
[[email protected] ~]# openssl genrsa -out cert.key                            #生成私钥
[[email protected] ~]# openssl req -new -x509 -key cert.key -out cert.pem      #生成证书

                                                              #输入国家NC，其它随意输入

• 2）修改Nginx配置文件，设置加密网站的虚拟主机

[[email protected] ~]# vim  /usr/local/nginx/conf/nginx.conf
… …    
server {
        listen       443 ssl;
        server_name  www.test.com;
        ssl_certificate      cert.pem;          #证书的名称
        ssl_certificate_key  cert.key;                #私钥名称
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        location / {
            root   html;
            index  index.html index.htm;
        }
    }

[[email protected] conf]# /usr/local/nginx/sbin/nginx -s reload        #重启服务

• 步骤二：客户端验证

• 1）修改客户端主机192.168.4.100的/etc/hosts文件，进行域名解析

[[email protected] ~]# vim /etc/hosts
192.168.4.5    www.test.com

• 2）登录192.168.4.100客户端主机进行测试

[[email protected] ~]# firefox https://www.test.com            #信任证书后可以访问