Wednesday, August 15, 2012

Tạo ssl sử dụng https cho nginx

# Generate private key 
openssl genrsa -out ca.key 1024 

# Generate CSR 
openssl req -new -key ca.key -out ca.csr

# Generate Self Signed Key
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.pem

# Copy the files to the correct locations
cp ca.pem /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
 
 
Cấu hình nginx sử dụng ssl https 
 
  server {
        listen       443;
        server_name  111.44.9.33;


        ssl                  on;
        ssl_certificate      /usr/share/nginx/html/cydia/ca.pem;
        ssl_certificate_key  /usr/share/nginx/html/cydia/ca.key;

        ssl_session_timeout  5m;

        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        location / {
            root   /usr/share/nginx/html;
            index  index.php index.html index.htm;
        }

        location ~ \.php$ {
            root           /usr/share/nginx/html;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /usr/share/nginx/html$fastcgi_script_name;
            include        fastcgi_params;
        }

    }
 

No comments: