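#!/bin/bash
# Creates a self-signed TLS certificate for nginx under ${src}/ssl.
#
# Files produced:
#   server.key             RSA private key, encrypted with the passphrase
#   server.csr             certificate signing request
#   server_nopassword.key  the same private key, unencrypted (loaded by nginx)
#   server.crt             self-signed certificate, valid for 365 days
#
# Environment:
#   SSL_KEY_PASSWORD  passphrase for server.key (optional, see note below)
set -euo pipefail

# rpm -q exits non-zero if any listed package is missing. The earlier
# `grep -q "openssl|openssl-devel"` used a basic regex, where `|` is a
# literal character, so it never matched and yum ran on every invocation.
if ! rpm -q openssl openssl-devel >/dev/null 2>&1; then
  yum install -y openssl openssl-devel
fi

src='/opt/nginx/conf'
# NOTE(review): '123456' is kept only as the sample default. Set
# SSL_KEY_PASSWORD to a real passphrase for anything beyond a throwaway test.
# The unencrypted copy of the key is written next to server.key, so file
# permissions, not this passphrase, are what protect the key on disk.
password=${SSL_KEY_PASSWORD:-123456}
Country='cn'
Province='cq'
City='cq'
Company='test'
Org='test'
# The certificate CN; it has to match the server_name nginx serves it for.
# NOTE(review): no subjectAltName is added; current browsers validate the
# hostname against SAN only, so expect a name warning on top of the
# self-signed warning.
hostname='www.jforum.com'
eAddress='xxx.qq.com'

mkdir -p -- "${src}/ssl"
cd -- "${src}/ssl"

# Key material must not be readable by other local users.
umask 077

# openssl reads passphrase prompts from the terminal, not from stdin, so the
# earlier here-documents could not answer them. Hand the passphrase over via
# the environment (-passin/-passout env:NAME), which also keeps it out of the
# process argument list.
export KEY_PASSPHRASE="${password}"

# 2048 bits instead of 1024: 1024-bit RSA is below current minimum key sizes
# and is rejected by modern TLS clients and libraries.
openssl genrsa -aes256 -passout env:KEY_PASSPHRASE -out server.key 2048

# Same field order as the interactive prompts: C, ST, L, O, OU, CN, email.
# The CSR "challenge password" and "optional company name" attributes that
# the prompts asked for are omitted; they are not used when self-signing.
subject="/C=${Country}/ST=${Province}/L=${City}/O=${Company}/OU=${Org}/CN=${hostname}/emailAddress=${eAddress}"
openssl req -new -sha256 -key server.key -passin env:KEY_PASSPHRASE \
  -subj "${subject}" -out server.csr

# Unencrypted copy so nginx can start without a passphrase prompt.
openssl rsa -in server.key -passin env:KEY_PASSPHRASE -out server_nopassword.key

# -sha256 is explicit because older OpenSSL builds default to a weaker digest.
openssl x509 -req -sha256 -days 365 -in server.csr \
  -signkey server_nopassword.key -out server.crt

# The certificate and CSR are public data; only the two key files stay 0600.
chmod 644 server.crt server.csr

# Generated files: server.crt server.csr server.key server_nopassword.key
# The passphrase is supplied non-interactively, so it no longer has to be
# typed by hand at each openssl prompt.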
# Plain-HTTP virtual host for test.com: every request is answered with a
# permanent (301) redirect to the same path on https://.
server {
listen 80;
server_name test.com;
index index.html index.htm;
# The redirect target is built from $server_name (the configured name), not
# from the client-supplied Host header, so a forged Host cannot steer the
# redirect to another site.
rewrite ^/(.*)$ https://$server_name/$1 permanent;
}
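# HTTPS virtual host for test.com, serving static files from /opt/nginx/html
# with the self-signed certificate kept under /opt/nginx/conf/ssl.
server {
    listen 443 ssl;
    server_name test.com;

    # These two files are the ones nginx actually needs.
    # The certificate's CN has to match server_name, otherwise clients report
    # a hostname mismatch in addition to the self-signed warning.
    ssl_certificate /opt/nginx/conf/ssl/server.crt;
    # Unencrypted private key: keep it readable only by the account that
    # starts nginx (mode 0600).
    ssl_certificate_key /opt/nginx/conf/ssl/server_nopassword.key;

    ssl_session_timeout 5m;

    # SSLv2 and SSLv3 are broken protocols and TLSv1 is deprecated, so none of
    # them should be offered. Append TLSv1.3 here when the installed
    # nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root /opt/nginx/html;
        index index.html index.htm;
    }
}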