Nginx配置HTTPS

#openssl 1.0.1-1.0.1f 受到心脏出血漏洞的影响，需要升级[root@test88 ~]# openssl versionOpenSSL 1.0.1e-fips 11 Feb 2013cd /server/tools/wget http://www.openssl.org/source/openssl-1.0.1g.tar.gztar xf openssl-1.0.1g.tar.gzcd openssl-1.0.1g./config shared zlibmakemake installmv /usr/bin/openssl /usr/bin/openssl.oldmv /usr/include/openssl/ /usr/include/openssl.oldln -s /usr/local/ssl/bin/openssl /usr/bin/openssln -s /usr/local/ssl/include/openssl/ /usr/include/openssl#更新动态链接库数据echo "/usr/local/ssl/lib/" >> /etc/ld.so.confldconfig -v[root@test88 openssl-1.0.1g]# openssl versionOpenSSL 1.0.1g 7 Apr 2014

[root@test88 cert]# openssl genrsa -out cert.key 2048 ???生成证书私钥[root@test88 cert]# openssl req -new -key cert.key -out cert.csr ??生成证书请求文件[root@test88 cert]# openssl x509 -req -in cert.csr -out cert.pem -signkey cert.key -days 3650 ??签发数字证书，默认格式PEM#也可以openssl req -new -x509 -key cert.key -out cert.pem -days 3650 直接生成自签名证书

[root@test88 nginx]# vim conf/nginx.confworker_processes ?1;events { ???worker_connections ?1024;}http { ???include ??????mime.types; ???default_type ?application/octet-stream; ???sendfile ???????on; ???keepalive_timeout ?65; ???server { ???????listen ??????80; ???????server_name ?www.peter.com; ???????location / { ???????rewrite ^(.*) https://$server_name$1 permanent; ???????} ???} ???server { ???????listen ??????443; ???????server_name www.peter.com; ???????root html; ???????index index.html index.htm; ???????ssl on; ???????ssl_certificate cert.pem; ???????ssl_certificate_key cert.key; ???????ssl_session_timeout 5m; ???????ssl_protocols SSLv2 SSLv3 TLSv1; ???????ssl_ciphers HIGH:!aNULL:!MD5; ???????ssl_prefer_server_ciphers on; ???????location / { ???????} ???}}[root@test88 nginx]# sbin/nginx -t[root@test88 nginx]# sbin/nginx访问www.peter.com