一、Nginx-HTTPS

#安装nginx时,需要将 --with-http_ssl_module模块开启
1.首先生成密钥和证书文件

#创建证书存放目录
mkdir /usr/local/nginx/conf/ssl/

#在刚才创建的目录中建立服务器私钥,RSA密钥
openssl genrsa -out ccku.key 1024

#生成csr文件;依次输入国家、地区、组织等
openssl req -new -key ccku.key -out ccku.csr

#生成签字证书
openssl x509 -req -days 365 -sha256 -in ccku.csr -signkey ccku.key -out ccku.crt

2.在对应要加密的server标签中添加:

        ssl on;
        ssl_certificate /usr/local/nginx/conf/ssl/ccku.crt;
        ssl_certificate_key /usr/local/nginx/conf/ssl/ccku.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";

二、设置http自动跳转https功能

1.将原有的server标签改为443端口

    server {
        listen 443;
        server_name blog.ccku.cn;
		……
	}

2.新增server标签(虚拟主机+rewrite)

    server {
        listen 80;
        server_name blog.ccku.cn
        rewrite ^(.*)$ https://blog.ccku.cn permanent;
        root html/blog;
        index index.html
    }

3.检查配置文件并重启服务验证

nginx -t
nginx -s reload

Nginx实现https和跳转功能