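How to use an SSL certificate with nginx
Configure nginx to use an SSL certificate with the following steps: obtain an SSL certificate from a trusted CA. Create an nginx virtual host that includes the listen 443 ssl;, server_name, ssl_certificate and ssl_certificate_key directives. Redirect all HTTP requests to HTTPS. Restart nginx and verify the SSL configuration.
How to configure Nginx with an SSL certificate
Configuring Nginx with an SSL certificate protects your website from eavesdropping and network attacks and builds user trust.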
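Step 1: Obtain an SSL certificate
Obtain an SSL certificate from a trusted certificate authority (CA).
Generate a certificate signing request (CSR) following the CA's procedure.
Submit the CSR to obtain the SSL certificate.
Step 2: Configure the Nginx virtual host
Create a new virtual host block in your Nginx configuration file.
Include the following directives in the virtual host block: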
listen 443 ssl;
server_name www.example.com;
ssl_certificate /path/to/ssl.crt;
ssl_certificate_key /path/to/ssl.key;
Replace www.example.com with your domain name.
Replace /path/to/ssl.crt with the path to the SSL certificate file.
Replace /path/to/ssl.key with the path to the SSL key file.
Step 3: Redirect to HTTPS
Add the following directive to the virtual host block to redirect all HTTP requests to HTTPS:
rewrite ^ https://$server_name$request_uri? permanent;
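The certificate directives and the redirect put together in one configuration, as an added example that is not part of the original article. The redirect sits in its own port 80 server block, because inside the 443 block it would send every HTTPS request back to itself; the ssl_protocols line and the root path are assumptions that the article does not give.

```nginx
# Added example: placeholder domain and file paths, as used in the article.

# Plain-HTTP virtual host: its only job is to redirect to HTTPS.
# The rewrite lives here, not in the 443 block; placed in the HTTPS
# block it would redirect each HTTPS request to itself and loop.
server {
    listen 80;
    server_name www.example.com;

    # $request_uri already carries the query string; the trailing "?"
    # stops nginx from appending the request arguments a second time.
    rewrite ^ https://$server_name$request_uri? permanent;
}

# HTTPS virtual host with the four directives listed earlier.
server {
    listen 443 ssl;
    server_name www.example.com;

    # Certificate file: the server certificate followed by any
    # intermediate CA certificates, so clients can build the chain.
    ssl_certificate     /path/to/ssl.crt;

    # Private key: keep it readable only by root; the nginx master
    # process reads it at startup.
    ssl_certificate_key /path/to/ssl.key;

    # Assumption (not in the article): allow only current TLS versions.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Assumption: hypothetical location of the site content.
    root /var/www/example;
}
```

Run `nginx -t` to check the syntax before restarting, so a typo in a certificate path does not take the site down.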
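Step 4: Test the configuration
Restart Nginx.
Verify your SSL configuration with an SSL testing tool (such as ssllabs.com).
Other notes:
Make sure your SSL certificate is the latest version.
Renew your SSL certificate regularly.
Enable the option that enforces SSL in your Nginx configuration so that all traffic goes over HTTPS.
Consider using the HTTP/2 protocol to improve website performance.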