LNMP之Https配置

实验环境:
L:Linux(centos 7.6) http://mirrors.cqu.edu.cn/CentOS/7.6.1810/isos/x86_64/
N:N5 5 _ - / @ 8 mginx(1.12.2) https://nginx.org/en/download.html
M:MySQL(5.6.48) https://dev.mysq[ x W R P w P l.com/downloads/mysql/5.6.hta 2 ; Z : ,ml#doM # V awnloads
P:PHP(7.2.15) http://php.net/downloads.php
Worldpress(5.0.3):https://cn.wordpress.oS W Z _rg/download/
部署规划:
172.24.77.241(sr1.djG ~ z t ! C 3 O.com):Nginx php-fpm 运行web服务
172.24.77.242(sr2.dj.com):运行MySQL数据库
自签名证书-自签名CA证书
#cd /apps/nginx/
#mkdir certs
#c} J U + $ ^ cd certs/
#openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt
Country Nau 0 W 1 { Cme (2 letter code) [XX]:CN
State or Province Name (full name) []:SZ
Locality Name (eg, city) [Default City]:SZ
Organizati9 # ^ P Z u non Name (eg, comc 5 # p apany) [Default Compa7 K 1 I g Gny Ltd]:JAYK P v M u d
OrgE D r 9 ) ` ; $ canizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:jayl _ D s l.ca
Email Address []:2178937492@qq.8 Q % + H : )com
LNMP之Https配置
自制key和csr文件
#openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.silence.net.key -out www.silence.net.csr
Country Nam( } ? j ? | # ; De (2 letter code) [Xh m A a h | jX]:CN
State or Province Name (full name) []:SZ
Local+ C Y K [ity Name (eg, city) [Default Cit[ * t Y Iy]:SZ
OrganizatF W ] _ [ion Name (eg, company) [Default Company Ltd]:JR ~ $ ( h k ? x PAY
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name o^ 5 *r your server's hostname) []:jay.ca
Email Address []:2178937492@qq.com
Please enter the following 'extraO j f ^ :'p ` [ Y h d G R attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
LNMP之Https配置
签发证书
#openssl x509 -req -days 3650 -in www.silenM L cce.net.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.sii : Jlence.net.crt
LNMP之Https配置
LNMP之Https配置
NJ w + w [ * : A Uginx证书配置
#vim /apps/nginx/conf/nginx.conf
listen 443 ssl;
ssl_certificate /apps/nginx/certs/www.silence.net.f g Rcrt;
ssl_ce@ 1 5rtificate_key /apps/nginx/certs/wI n 0 u t ~ G Eww.silence.net.key;
ssl_session_cache shared:ssY ; V I blcache:20m;
sslv 0 H T ) 1 h l_session_timeout 10m;
LNMP之Https配置
重启Nginx
#killJ [ 2all nginx
#/apps/nginx/sbin/nginx
LNMP之Https配置
测试访问https
https://www.silence.net/
LNMP之Https配置
LNMP之Https配置