1.1\u68c0\u67e5Nginx\u7684SSL\u6a21\u5757\u662f\u5426\u5b89\u88c5<\/p>\n
[root@web-node1~]# \/application\/nginx\/sbin\/nginx -V<\/span> 1.2.1\u521b\u5efa\u670d\u52a1\u5668\u79c1\u94a5<\/p>\n [root@web-node1~]# cd \/application\/nginx\/conf\/<\/span> [root@web-node1 key]# openssl req -new -key server.key -out server.csr<\/span> Please enter the following \u2018extra\u2019 attributes [root@web-node1 key]# cp server.key server.key.ori<\/span> [root@web-node1 key]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt<\/span> [root@web-node1 ~]# cat \/application\/nginx\/conf\/vhosts\/www.conf<\/span> location \/ { [root@web-node1 ~]# \/application\/nginx\/sbin\/nginx -s reload<\/span> 1.1\u68c0\u67e5Nginx\u7684SSL\u6a21\u5757\u662f\u5426\u5b89\u88c5 [root@web-node1~]# \/application\/ng...<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15329],"tags":[],"class_list":["post-216","post","type-post","status-publish","format-standard","hentry","category-nginx"],"_links":{"self":[{"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/posts\/216","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=216"}],"version-history":[{"count":0,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=\/wp\/v2\/posts\/216\/revisions"}],"wp:attachment":[{"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=216"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=216"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lnmp.ivan.xin\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=216"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nnginx version: nginx\/1.6.3
\nbuilt by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC)
\nTLS SNI support enabled
\nconfigure arguments: \u2013prefix=\/application\/nginx-1.6.3 \u2013user=nginx \u2013group=nginx \u2013with-http_ssl_module \u2013with-http_stub_status_module
\n1.2\u51c6\u5907\u79c1\u94a5\u548c\u8bc1\u4e66<\/p>\n
\n[root@web-node1 conf]# mkdir key<\/span>
\n[root@web-node1 conf]# cd key\/<\/span>
\n[root@web-node1 key]# openssl genrsa -des3 -out server.key 1024<\/span>
\nGenerating RSA private key, 1024 bit long modulus
\n..++++++
\n\u2026++++++
\ne is 65537 (0x10001)
\nEnter pass phrase for server.key:
\nVerifying \u2013 Enter pass phrase for server.key:
\n1.2.2\u7b7e\u53d1\u8bc1\u4e66<\/p>\n
\nEnter pass phrase for server.key:
\nYou are about to be asked to enter information that will be incorporated
\ninto your certificate request.
\nWhat you are about to enter is what is called a Distinguished Name or a DN.
\nThere are quite a few fields but you can leave some blank
\nFor some fields there will be a default value,
\nIf you enter \u2018.\u2019, the field will be left blank.
\n\u2014\u2013
\nCountry Name (2 letter code) [XX]:CN<\/span>
\nState or Province Name (full name) []:BJ<\/span>
\nLocality Name (eg, city) [Default City]:BJ<\/span>
\nOrganization Name (eg, company) [Default Company Ltd]:TEST<\/span>
\nOrganizational Unit Name (eg, section) []:TEST<\/span>
\nCommon Name (eg, your name or your server\u2019s hostname) []:TEST<\/span>
\nEmail Address []:test@test.com<\/span><\/p>\n
\nto be sent with your certificate request
\nA challenge password []:
\nAn optional company name []:
\n1.2.3\u5220\u9664\u670d\u52a1\u5668\u79c1\u94a5\u53e3\u4ee4<\/p>\n
\n[root@web-node1 key]# openssl rsa -in server.key.ori -out server.key<\/span>
\nEnter pass phrase for server.key.ori:
\nwriting RSA key
\n1.2.4\u751f\u6210\u4f7f\u7528\u7b7e\u540d\u8bf7\u6c42\u8bc1\u4e66\u548c\u79c1\u94a5\u751f\u6210\u81ea\u7b7e\u8bc1\u4e66<\/p>\n
\nSignature ok
\nsubject=\/C=CN\/ST=BJ\/L=BJ\/O=SDU\/OU=SA\/CN=XuBuSi\/emailAddress=xubusi@xuliangwei.com
\nGetting Private key
\n1.3\u5f00\u542fNginx SSL<\/p>\n
\nserver {
\nserver_nameblog.xuliangwei.com;
\n#listen 80;
\nlisten 443;<\/span>
\n ssl on;<\/span>
\n ssl_certificate key\/server.crt;<\/span>
\n ssl_certificate_key key\/server.key;<\/span><\/p>\n
\nroothtml\/blog;
\nindex index.php index.html index.htm;
\naccess_log \/app\/logs\/blog.xuliangwei.log main;
\n}
\n}
\n1.3.1\u91cd\u542fnginx\u751f\u6548<\/p>\n
\n[root@web-node1 ~]# netstat -lntup|grep 443<\/span>
\ntcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1711\/nginx<\/p>\n","protected":false},"excerpt":{"rendered":"