Tutorial: configuring StartSSL and SSL under the Nginx server

  • 2020-05-09 19:57:04
  • OfStack

Step 1: apply for a local certificate

1. I won't say much about installing openssl. If it isn't already on your system, you can install it yourself with yum.


[root@e2fsck ~]# openssl genrsa -des3 -out e2fsck.org.key 2048
Generating RSA private key, 1024 bit long modulus
 ...... ..++++++
 ...... ..++++++
e is 65537 (0x10001)
Enter pass phrase for e2fsck.org.key:  (enter the password)
Verifying - Enter pass phrase for e2fsck.org.key:  (enter the password again)

[root@e2fsck ~]# openssl req -new -key e2fsck.org.key -out e2fsck.org.csr
Enter pass phrase for e2fsck.org.key:  (enter the password)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:JS
Locality Name (eg, city) [Default City]:SZ
Organization Name (eg, company) [Default Company Ltd]:e2fsck
Organizational Unit Name (eg, section) []:e2fsck.org
Common Name (eg, your name or your server's hostname) []:*.e2fsck.org
Email Address []:root@e2fsck.org

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:  (just press Enter)
An optional company name []:  (just press Enter)

[root@e2fsck ~]# openssl rsa -in e2fsck.org.key -out e2fsck.org_nopass.key
Enter pass phrase for e2fsck.org.key:  (enter the password set above)
writing RSA key

[root@e2fsck ~]# ls

e2fsck.org.csr e2fsck.org.key e2fsck.org_nopass.key

 

Step 2: go to StartSSL and apply for a free certificate

1. Log on to the official website http://www.startssl.com/?app=0

2. Select Control Panel (top right) and then Express Lane (bottom large icon)

3. Fill in the registration information (use real details, or it will be difficult to pass), then check your email. There are two emails; the second one contains an address you can use to log in

4. Once inside, simply click through to the next step and select Certificates Wizard

5. Certificate Target: Web Server SSL/TLS Certificate

6. Select Skip, because this was already done in Step 1

7. Copy the contents of e2fsck.org.csr from Step 1 and paste them here

8. Then go to the next step, which is simply adding a domain name

9. The block of text you see at the end is the crt certificate. Save it; I named it e2fsck.org.crt and put it in the /usr/local/nginx/conf directory (put it wherever you like)

10. In order for some browsers to recognize the certificate, we have to merge the CA root certificate with our certificate


[root@e2fsck ~]# cd /usr/local/nginx/conf/   # I've put all my certificates here in this directory 

[root@e2fsck conf]# wget http://cert.startssl.com/certs/ca.pem

[root@e2fsck conf]# wget http://cert.startssl.com/certs/sub.class1.server.ca.pem

[root@e2fsck conf]# cp e2fsck.org.crt e2fsck.org.bak   # Make a backup first

[root@e2fsck conf]# cat ca.pem sub.class1.server.ca.pem >> e2fsck.org.crt

Then edit e2fsck.org.crt and find this line inside it:


-----END CERTIFICATE----------BEGIN CERTIFICATE-----

Split it into two lines, like this:


-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
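An added example (not part of the original tutorial) for the merge step above: the fused line appears when the saved certificate has no trailing newline and `cat` appends the next file directly after it. The function names and the placeholder file contents are assumptions constructed for illustration; the script joins PEM files safely and checks the result.

```shell
#!/bin/sh
# Added example, not from the original page. File names below are assumptions.

# Print FILE with any fused END/BEGIN boundary split onto two lines.
pem_split_fused() {
    sed 's/-----END CERTIFICATE----------BEGIN CERTIFICATE-----/-----END CERTIFICATE-----\
-----BEGIN CERTIFICATE-----/g' "$1"
}

# pem_join OUT IN...: write the inputs to OUT, each ending in exactly one newline.
pem_join() {
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        # $(...) strips trailing newlines; printf puts exactly one back.
        printf '%s\n' "$(pem_split_fused "$f")" >> "$out"
    done
}

# pem_check FILE: print the certificate count; fail if a marker shares its
# line with other text or BEGIN/END do not pair up.
pem_check() {
    awk '
        /-----(BEGIN|END) CERTIFICATE-----/ {
            if ($0 == "-----BEGIN CERTIFICATE-----") { if (inside) bad = 1; inside = 1 }
            else if ($0 == "-----END CERTIFICATE-----") { if (!inside) bad = 1; inside = 0; n++ }
            else bad = 1
        }
        END { if (inside || n == 0) bad = 1; print n + 0; exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample data: placeholder bodies, not real certificates.
# site.crt has no trailing newline, which is what makes a plain cat fuse lines.
make_samples() {
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'U0lURQ==' '-----END CERTIFICATE-----' > "$1/site.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Uk9PVA==' '-----END CERTIFICATE-----' > "$1/ca.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'U1VC' '-----END CERTIFICATE-----' > "$1/sub.pem"
}

tmp=$(mktemp -d)
make_samples "$tmp"
cat "$tmp/site.crt" "$tmp/ca.pem" "$tmp/sub.pem" > "$tmp/naive.crt"   # same result as cat >>
pem_check "$tmp/naive.crt" || echo "naive bundle: fused boundary found"
pem_join "$tmp/bundle.crt" "$tmp/site.crt" "$tmp/ca.pem" "$tmp/sub.pem"
pem_check "$tmp/bundle.crt" && echo "joined bundle: OK"
rm -rf "$tmp"
```

Running `pem_check` on the finished bundle before restarting nginx catches a fused boundary that would otherwise only show up as a certificate load error.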

 

Step 3: configure nginx.conf

The main thing to modify is this block:

server {
    listen       443;
    server_name  www.e2fsck.org;
    index        index.html index.htm index.php;

    ssl                        on;                      # This is the main one
    ssl_certificate            e2fsck.org.crt;
    ssl_certificate_key        e2fsck.org_nopass.key;   # unencrypted key: keep it readable by root only
    ssl_session_timeout        5m;
    # SSLv2 and SSLv3 are broken and TLSv1 is deprecated; drop TLSv1.3 on builds that predate it
    ssl_protocols              TLSv1.2 TLSv1.3;
    ssl_ciphers                HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    # This small block lets PHP be parsed over https
    location ~ \.php$ {
        root           html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME /scripts$fastcgi_script_name;
        fastcgi_param  HTTPS on;
        include        fastcgi.conf;
    }

    # If the site uses pseudo-static (rewrite) rules, the same rules are needed here too
    if (-f $request_filename/index.html) {
        rewrite (.*) $1/index.html break;
    }
    if (-f $request_filename/index.php) {
        rewrite (.*) $1/index.php;
    }
    if (!-f $request_filename) {
        rewrite (.*) /index.php;
    }

    #location / {
    #    root   html;
    #    index  index.html index.htm index.php;
    #}
}


Then restart nginx (if SSL has not been configured before, you must restart; reload does not work)

 

Step 4: test ssl

Enter https://www.e2fsck.org in the browser and you can see that SSL is already working normally
