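1. Environment preparation
When building nginx, the SSL module must be enabled with the configure option --with-http_ssl_module
2. Load the SSL settings in the configuration file
server {
    listen 443 ssl;
    server_name rewrite.oldboy.com;
    ssl_certificate /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;
}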
3. Applying for a certificate
Apply for a certificate from Alibaba Cloud:
https://www.aliyun.com/product/cas?spm=5176.10695662.1171680.2.5358481ae3f2R2
4. Create the private key
openssl genrsa -idea -out server.key 2048
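5. Create the certificate
openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
-days 36500 --- certificate validity period, in days
-x509 --- output a self-signed X.509 certificate rather than a certificate request
-sha256 --- digest algorithm used to sign the certificate
-nodes -newkey --- generate a new private key and store it without a passphrase
rsa:2048 --- type and size of the new private key (2048-bit RSA)
-keyout --- file the new private key is written to (here server.key, replacing the key created in the previous step)
-out --- file the certificate is written to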
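A check worth running between creating the certificate and restarting nginx, written as an added example that is not part of the original page: it generates the pair with the same options as above and confirms that server.crt and server.key belong together. The function names, the -subj value and the temporary directory are assumptions made for illustration, and the key is assumed to be unencrypted (as -nodes produces).

```shell
#!/bin/sh
# Added example (not from the original page): create the self-signed pair
# non-interactively, then verify it before restarting nginx.

# make_selfsigned DIR CN DAYS: same options as step 5, plus -subj so openssl
# does not prompt. umask 077 keeps server.key unreadable by other users.
make_selfsigned() {
    (
        umask 077
        openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days "$3" \
            -subj "/CN=$2" \
            -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    )
}

# cert_matches_key CRT KEY: succeeds only if both files carry the same
# public key. A missing or unreadable file counts as a failure.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# cert_valid_for CRT SECONDS: succeeds if the certificate is still valid
# SECONDS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Demo in a throwaway directory (constructed; not the live /etc/nginx files).
tmp=$(mktemp -d)
if make_selfsigned "$tmp" rewrite.oldboy.com 36500 &&
   cert_matches_key "$tmp/server.crt" "$tmp/server.key" &&
   cert_valid_for "$tmp/server.crt" 86400; then
    echo "certificate and key match; next step: nginx -t"
else
    echo "certificate/key check failed" >&2
fi
rm -rf "$tmp"
```

A pair that fails cert_matches_key will also be rejected by nginx when it loads ssl_certificate and ssl_certificate_key, so the check catches the problem before the service is restarted.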
6. Restart the nginx service and test
7. Automatic redirect to HTTPS
server {
    listen 80;
    server_name rewrite.oldboy.com;
    rewrite ^(.*) https://$server_name$1 redirect;
    #return 302 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name rewrite.oldboy.com;
    ssl_certificate /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;
}
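Commonly used built-in variables for rewrite; nginx global variables can be referenced during matching:
$server_name the domain name requested by the current user
$request_filename the file path of the current request (including the site root directory, e.g. /html/images/test.jpg)
$request_uri the file path of the current request (without the site root directory, e.g. /images/test.jpg)
$scheme the protocol in use, e.g. http or https
Actual configuration: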
[root@web01 nginx]# cat /etc/nginx/conf.d/rewrite.conf
server {
    listen 80;
    server_name rewrite.oldboy.com;
    rewrite ^(.*) https://$server_name$1 redirect;
    #return 302 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name rewrite.oldboy.com;
    ssl_certificate /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;
    location / {
        root /html;
        index index.html index.htm;
    }
}
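The above is the detailed configuration and the commands commonly used in enterprise environments to move an existing HTTP site to encrypted HTTPS. For reference only.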