使用 openssl 生成 https 證書, 並在 nginx 中配置 https

1. 創建一個私鑰

openssl genrsa -des3 -out server.key 2048

2. 生成 CSR
Common Name 要輸入域名

openssl req -new -key server.key -out server.csr

3. 刪除私鑰中的密碼, 有利於自動化部署

openssl rsa -in server.key -out server.key

4. 生成自簽名證書

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

5. 生成 PEM 格式的證書

openssl x509 -in server.crt -out server.pem -outform PEM

6. nginx 配置

server {
    listen  80;
    server_name  baidu.com;
    # return  301  https://baidu.com;
    # return  301  https://$host$request_uri;
    rewrite  ^(.*)$  https://baidu.com  permanent;
}

server {
    listen  443 ssl;
    server_name  baidu.com;
    keepalive_timeout  70;

    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers  AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
    ssl_certificate  /home/bigdata/csr/server.pem;
    ssl_certificate_key  /home/bigdata/csr/server.key;
    ssl_session_cache  shared:SSL:10m;
    ssl_session_timeout  10m;

    location / {
        alias  html/;
        index  index.html;
    }
}