nginx配置https

//openssl必须是1.0.2[root@Nginx ~]# openssl versionOpenSSL 1.0.2k-fips ?26 Jan 2017//nginx必须有ssl模块[root@Nginx ~]# nginx -V --with-http_ssl_module [root@Nginx ~]# mkdir /usr/local/nginx/conf/ssl -p[root@Nginx ~]# cd //usr/local/nginx/conf/ssl 

[root@Nginx ssl]# openssl genrsa -idea -out server.key 2048Generating RSA private key, 2048 bit long modulus.....+++//记住配置密码, 我这里是1234Enter pass phrase for server.key:Verifying - Enter pass phrase for server.key:

[root@Nginx ssl]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crtCountry Name (2 letter code) [XX]:CNState or Province Name (full name) []:SZLocality Name (eg, city) [Default City]:SZOrganization Name (eg, company) [Default Company Ltd]:edu ???Organizational Unit Name (eg, section) []:SACommon Name (eg, your name or your server‘s hostname) []:xuli　　Email Address []:xuli@foxmail.com

server { ???listen 443; ???server_name localhost; ???ssl on; ???index index.html index.htm index.php; ???#ssl_session_cache share:SSL:10m; ???ssl_session_timeout 10m; ???ssl_certificate ??/usr/local/nginx/conf/ssl/server.crt; ???ssl_certificate_key ?/usr/local/nginx/conf/ssl/server.key; ???ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ???ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ???ssl_prefer_server_ciphers on; ???????location / { ?access_log /data/wwwlogs/www.ikmak.com_nginx.log combined; ?index index.html index.htm index.php; ?root /data/wwwroot/default; ???????} ???????location ~ [^/]\.php(/|$) { ???#fastcgi_pass remote_php_ip:9000; ???fastcgi_pass unix:/dev/shm/php-cgi.sock; ???fastcgi_index index.php; ???include fastcgi.conf; ???fastcgi_split_path_info ^(.+\.php)(/.+)$; ???fastcgi_param ??PATH_INFO ??$fastcgi_path_info; ???fastcgi_param ??SCRIPT_FILENAME $document_root$fastcgi_script_name; ?}}server { ???????listen 80; ???????server_name localhost; ???????rewrite ^(.*) https://$server_name$1 redirect;}