我们生成一个ssl证书,然后再来配置(有免费的证书最好了)
1 openssl genrsa -des3 -out server.key 1024 2 openssl req -new -key server.key -out server.csr 3 openssl rsa -in server.key -out server_nopwd.key 4 openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt
然后配置/etc/nginx/sites-available/default
# HTTPS server
server {
listen 443;
server_name localhost;
root /usr/share/nginx/www;
index index.html index.htm;
ssl on;
ssl_certificate /home/pi/ssl/i.crt;
ssl_certificate_key /home/pi/ssl/i.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ =404;
}
}
(我只是把原来的配置删掉注释了而已,其他功能自行添加)