1. 创建证书请求文件
条件:私钥+证书签名请求+openssl
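# Install the OpenSSL command-line tool (yum-based distributions).
yum install -y openssl
# -p keeps the step repeatable: a plain mkdir fails when /root/ssl/ already
# exists, which also skips the cd and leaves the files in the wrong directory.
mkdir -p /root/ssl/ && cd /root/ssl/
# Generate the 2048-bit RSA private key directly in unencrypted form.
# Encrypting it with the throwaway passphrase "x" and stripping that again
# yields the same kind of unencrypted key, so no server.pass.key is needed.
# umask 077 inside the subshell creates server.key readable by its owner only
# (a default umask can leave it world-readable on older OpenSSL builds) and
# does not change the umask of the calling shell.
(umask 077 && openssl genrsa -out server.key 2048)
# Create the certificate signing request; openssl prompts for the subject
# fields (the Common Name should be the host name clients will connect to).
openssl req -new -key server.key -out server.csr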
2. 由证书机构颁发证书(此处没有证书机构,改用自己的私钥自签名;客户端默认不信任这种证书)
# Self-sign the request: -signkey signs server.csr with the same private key
# it was created from, so no certificate authority vouches for the result.
# The certificate uses a SHA-256 signature and expires after 365 days.
openssl x509 -req -sha256 -days 365 \
  -in server.csr \
  -signkey server.key \
  -out server.crt
server.key -- 私钥
server.csr -- 证书签名请求
server.crt -- 自签名证书
3. 配置nginx
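# HTTPS virtual host serving a Rails application through Passenger.
server {
    listen 3666 ssl;                  # port
    server_name www.server.com;       # host

    # Paths of the files generated above. The certificate is self-signed, so
    # clients show a trust warning unless they are configured to trust it.
    ssl_certificate /root/ssl/server.crt;
    # The private key must stay readable by the nginx master process only.
    ssl_certificate_key /root/ssl/server.key;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and no longer offered.
    # Append TLSv1.3 where the installed nginx (1.13.0+) and its OpenSSL
    # build support it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    root /var/ror/cas/public;         # directory of the Rails application
    passenger_enabled on;
    passenger_ruby /usr/local/rvm/gems/ruby-2.3.0/wrappers/ruby;

    access_log /var/ror/logs/access.log;
    error_log /var/ror/logs/error.log;
}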
参考:https://devcenter.heroku.com/articles/ssl-certificate-self
参考:http://nginx.org/en/docs/http/configuring_https_servers.html