惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Recent Announcements
Recent Announcements
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
O
OpenAI News
D
Docker
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
N
Netflix TechBlog - Medium
人人都是产品经理
人人都是产品经理
Y
Y Combinator Blog
M
MIT News - Artificial intelligence
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - 司徒正美
C
CXSECURITY Database RSS Feed - CXSecurity.com
阮一峰的网络日志
阮一峰的网络日志
K
Kaspersky official blog
Security Latest
Security Latest
T
Tailwind CSS Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
V
Vulnerabilities – Threatpost
W
WeLiveSecurity
N
News and Events Feed by Topic
aimingoo的专栏
aimingoo的专栏
美团技术团队
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Google DeepMind News
Google DeepMind News
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cyber Attacks, Cyber Crime and Cyber Security
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
B
Blog
T
The Blog of Author Tim Ferriss
Google DeepMind News
Google DeepMind News
Help Net Security
Help Net Security
爱范儿
爱范儿
宝玉的分享
宝玉的分享
腾讯CDC
H
Heimdal Security Blog
Webroot Blog
Webroot Blog
AI
AI
WordPress大学
WordPress大学
Recorded Future
Recorded Future
SecWiki News
SecWiki News
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Security Archives - TechRepublic
Security Archives - TechRepublic
Google Online Security Blog
Google Online Security Blog
C
Check Point Blog
TaoSecurity Blog
TaoSecurity Blog
Cisco Talos Blog
Cisco Talos Blog
The Cloudflare Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
博客园 - Franky
云风的 BLOG
云风的 BLOG

博客园 - 雾里寻踪

【问题】/usr/bin/env: php: 没有那个文件或目录 PHP下生成非重复的id PHP下的手机号码效验 PHP的Enum(枚举)的实现 关于苹果safari浏览器登陆时Cookie无法保存的问题 关于jquery在页面初始化时radio控件选定默认值的问题 【转】线程池与工作队列 【转】移动发送短信的状态报告 【转】如何利用C#编写网页投票器程序|如何使用代理来投票|代理IP来投票 【转】修改内存地址内容,可以修改游戏金币值 【原创】关于mysqlcheck使用 【转】新手入门:关于C++中的内联函数(inline) 【转】面向Java开发人员的Flex开发指南 【转】使用 Eclipse C/C++ Development Toolkit (CDT)开发应用程序 【转】用 Eclipse 平台的CDT控件进行 C/C++ 开发 【转】漏洞规范及操作系统安全等级划分 【转】PHP 使用header函数设置HTTP头的示例方法 表头 【转】Windows系统下SVN 1.6 服务端和客户端安装配置 【转】Eclipse+CDT+Gcc编译选项控制
Centos下nginx支持https协议
雾里寻踪 · 2015-05-12 · via 博客园 - 雾里寻踪

1、首先配置nginx及其他插件,这个Google下,很多配置方案。

2、配置服务器的证书。操作步骤如下:

[root@localhost ~]# cd /etc/pki/tls/certs 
[root@localhost certs]# make server.key 
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
......................................................++++++
.............++++++
e is 61251 (0x10001)
Enter pass phrase:# set passphrase
Verifying - Enter pass phrase:# confirm
# remove passphrase from private key
[root@localhost certs]# openssl rsa -in server.key -out server.key 
Enter pass phrase for server.key:# input passphrase
writing RSA key
[root@localhost certs]#
[root@localhost certs]# make server.csr 
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN #country
State or Province Name (full name) [e]:Beijing   #state
Locality Name (eg, city) [Default City]:Beijing  #city
Organization Name (eg, company) [Default Company Ltd]:Test   #company
Organizational Unit Name (eg, section) []:Test Haha   #department
Common Name (eg, your server's hostname) []:www.test.com   #server's FQDN
Email Address []:admin@test.com # email address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:# Enter
An optional company name []:# Enter
[root@localhost certs]#
[root@localhost certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=Test/OU=Test Haha/CN=www.test.com,/emailAddress=admin@test.com 
Getting Private key
[root@localhost certs]# chmod 400 server.*

3、配置nginx的conf文件

我测试机器的nginx是安装在 /data/server/nginx目录下,配置文件在 /data/server/nginx/conf/目录下。

[root@localhost conf]# vi nginx.conf

ssl部分的配置如下

    server {
        #listen       80;
        listen       80 default_server;
        listen       443 ssl;
        server_name  localhost;

        ssl_certificate      /etc/pki/tls/certs/server.crt;
        ssl_certificate_key  /etc/pki/tls/certs/server.key;
        #charset koi8-r;

重新加载配置文件。

4、打开Centos自带iptables的443端口

[root@localhost conf]# vi /etc/sysconfig/iptables

增加一行

-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

重启iptables服务。

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。