惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V2EX - 技术
V2EX - 技术
L
LangChain Blog
IT之家
IT之家
S
SegmentFault 最新的问题
博客园 - 三生石上(FineUI控件)
H
Hackread – Cybersecurity News, Data Breaches, AI and More
T
The Blog of Author Tim Ferriss
Blog — PlanetScale
Blog — PlanetScale
N
Netflix TechBlog - Medium
U
Unit 42
B
Blog RSS Feed
GbyAI
GbyAI
Microsoft Security Blog
Microsoft Security Blog
博客园 - 司徒正美
Apple Machine Learning Research
Apple Machine Learning Research
T
Threatpost
C
CERT Recently Published Vulnerability Notes
Cisco Talos Blog
Cisco Talos Blog
The Register - Security
The Register - Security
Vercel News
Vercel News
S
Schneier on Security
Spread Privacy
Spread Privacy
C
Cyber Attacks, Cyber Crime and Cyber Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 叶小钗
雷峰网
雷峰网
博客园_首页
人人都是产品经理
人人都是产品经理
P
Palo Alto Networks Blog
The Hacker News
The Hacker News
T
Tor Project blog
L
Lohrmann on Cybersecurity
Know Your Adversary
Know Your Adversary
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
Cybersecurity and Infrastructure Security Agency CISA
P
Privacy International News Feed
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tenable Blog
V
Vulnerabilities – Threatpost
大猫的无限游戏
大猫的无限游戏
博客园 - 【当耐特】
V
V2EX
Security Latest
Security Latest
A
About on SuperTechFans
Cloudbric
Cloudbric
S
Security Affairs
MongoDB | Blog
MongoDB | Blog
Y
Y Combinator Blog
Martin Fowler
Martin Fowler
TaoSecurity Blog
TaoSecurity Blog

博客园 - 雾里寻踪

【问题】/usr/bin/env: php: 没有那个文件或目录 PHP下生成非重复的id PHP下的手机号码效验 PHP的Enum(枚举)的实现 关于苹果safari浏览器登陆时Cookie无法保存的问题 关于jquery在页面初始化时radio控件选定默认值的问题 【转】线程池与工作队列 【转】移动发送短信的状态报告 【转】如何利用C#编写网页投票器程序|如何使用代理来投票|代理IP来投票 【转】修改内存地址内容,可以修改游戏金币值 【原创】关于mysqlcheck使用 【转】新手入门:关于C++中的内联函数(inline) 【转】面向Java开发人员的Flex开发指南 【转】使用 Eclipse C/C++ Development Toolkit (CDT)开发应用程序 【转】用 Eclipse 平台的CDT控件进行 C/C++ 开发 【转】漏洞规范及操作系统安全等级划分 【转】PHP 使用header函数设置HTTP头的示例方法 表头 【转】Windows系统下SVN 1.6 服务端和客户端安装配置 【转】Eclipse+CDT+Gcc编译选项控制
Centos下nginx支持https协议
雾里寻踪 · 2015-05-12 · via 博客园 - 雾里寻踪

1、首先配置nginx及其他插件,这个Google下,很多配置方案。

2、配置服务器的证书。操作步骤如下:

[root@localhost ~]# cd /etc/pki/tls/certs 
[root@localhost certs]# make server.key 
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
......................................................++++++
.............++++++
e is 61251 (0x10001)
Enter pass phrase:# set passphrase
Verifying - Enter pass phrase:# confirm
# remove passphrase from private key
[root@localhost certs]# openssl rsa -in server.key -out server.key 
Enter pass phrase for server.key:# input passphrase
writing RSA key
[root@localhost certs]#
[root@localhost certs]# make server.csr 
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN #country
State or Province Name (full name) [e]:Beijing   #state
Locality Name (eg, city) [Default City]:Beijing  #city
Organization Name (eg, company) [Default Company Ltd]:Test   #company
Organizational Unit Name (eg, section) []:Test Haha   #department
Common Name (eg, your server's hostname) []:www.test.com   #server's FQDN
Email Address []:admin@test.com # email address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:# Enter
An optional company name []:# Enter
[root@localhost certs]#
[root@localhost certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=Test/OU=Test Haha/CN=www.test.com,/emailAddress=admin@test.com 
Getting Private key
[root@localhost certs]# chmod 400 server.*

3、配置nginx的conf文件

我测试机器的nginx是安装在 /data/server/nginx目录下,配置文件在 /data/server/nginx/conf/目录下。

[root@localhost conf]# vi nginx.conf

ssl部分的配置如下

    server {
        #listen       80;
        listen       80 default_server;
        listen       443 ssl;
        server_name  localhost;

        ssl_certificate      /etc/pki/tls/certs/server.crt;
        ssl_certificate_key  /etc/pki/tls/certs/server.key;
        #charset koi8-r;

重新加载配置文件。

4、打开Centos自带iptables的443端口

[root@localhost conf]# vi /etc/sysconfig/iptables

增加一行

-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

重启iptables服务。

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。