nginx 配置ssl

    昨天老大讓我去配置ssl，證書申請下來了，開始配置，首先https用的是443端口，需要在防火牆中開啓443端口，然後在nginx.conf中配置，例如下：如果需要雙向認證，需要客戶端ca證書，否則就不配置ca的部分，例如：

server {
    listen       443 ssl;
    server_name  localhost;


    ssl on;
    ssl_certificate      /usr/local/nginx/sslKey/域名.cer;
    ssl_certificate_key  /usr/local/nginx/sslKey/域名.key;
    ssl_session_timeout  5m;
    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;


    location / {
       #root /mnt/omega/image ;
       #index index.html index.htm;
       proxy_pass http://localhost:8070;
       proxy_set_header   Host    $host;
       proxy_set_header   X-Real-IP   $remote_addr;
       proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_connect_timeout 3000s;
       proxy_send_timeout 3000s;
       proxy_read_timeout 3000s;
       client_max_body_size    1000m;
    }
}

如果開啓客戶端雙向認證：

server {
    listen       443 ssl;
    server_name  域名;


    ssl on;
    ssl_certificate      /usr/local/nginx/sslKey/域名.cer;
    ssl_certificate_key  /usr/local/nginx/sslKey/域名.key;

 ssl_client_certificate /usr/local/nginx/sslKey/ca.crt; #ca證書


    ssl_session_timeout  5m;
    ssl_verify_client on;  #開戶客戶端證書驗證

    ssl_session_timeout  5m;
    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;


    location / {
       #root /mnt/omega/image ;
       #index index.html index.htm;
       proxy_pass http://localhost:8070;
       proxy_set_header   Host    $host;
       proxy_set_header   X-Real-IP   $remote_addr;
       proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_connect_timeout 3000s;
       proxy_send_timeout 3000s;
       proxy_read_timeout 3000s;
       client_max_body_size    1000m;
    }
}

這樣就好了，然後./nginx/sbin/nginx -s stop 停止， ‘./nginx/sbin/nginx ’啓動，然後就好了。