{"id":1390,"date":"2012-06-12T17:41:23","date_gmt":"2012-06-12T09:41:23","guid":{"rendered":"http:\/\/lordong.me\/wp\/?p=1390"},"modified":"2012-06-12T17:41:23","modified_gmt":"2012-06-12T09:41:23","slug":"nginx%e4%b8%8a%e9%83%a8%e7%bd%b2startssl%e7%9a%84%e6%96%b9%e6%b3%95","status":"publish","type":"post","link":"https:\/\/lordong.xyz\/wp\/post\/1390.html","title":{"rendered":"Nginx\u4e0a\u90e8\u7f72StartSSL\u7684\u65b9\u6cd5"},"content":{"rendered":"

\u53bb\u5e74\u5199\u8fc7\u4e00\u7bc7\u201cVPS\u4e0a\u5b89\u88c5Lnmp\u548c\u914d\u7f6eSSL<\/a>\u201d\uff0c\u521a\u5f00\u59cb\u65f6\u4f7f\u7528LNMP\uff0c\u540e\u6765\u89c9\u5f97Nginx\u914d\u7f6e\u4e0d\u517c\u5bb9Apache\u5c31\u53c8\u6362\u6210\u4e86LAMP\uff0c\u4e3b\u8981\u8fd8\u662fVPS\u7684\u5185\u5b58\u6bd4\u8f83\u8db3\u3002\u8fd9\u4f1a\u6362\u6210Xen\u540e\u5185\u5b58\u53ea\u6709256M\uff0c\u53ea\u80fd\u91cd\u56deLNMP\u4e86\u3002<\/p>\n

\u9996\u5148\u662f\u7528vhost.sh\u6765\u7ed9SSL\u7684\u5b50\u57df\u6dfb\u52a0\u4e00\u4e2a\u76ee\u5f55\u548c\u5bf9\u5e94\u7684\u6743\u9650\uff0c\u7136\u540e\u7f16\u8f91vhost\u76ee\u5f55\u4e0b\u65b0\u5efa\u7684conf\u6587\u4ef6\u3002<\/p>\n

1. \u5728\u7b2c\u4e00\u4e2alocation\u4e4b\u524d\u52a0\u4e0a\u4e0b\u9762\u4e00\u6bb5\uff0cxxx\u662fStartSSL\u7684\u8bc1\u4e66\u6587\u4ef6\u540d\uff1a
\n[bash]ssl on;
\nssl_certificate \/usr\/local\/nginx\/conf\/xxx.crt;
\nssl_certificate_key \/usr\/local\/nginx\/conf\/xxx.key;
\nssl_session_timeout 5m;<\/p>\n

ssl_protocols SSLv2 SSLv3 TLSv1;
\nssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
\nssl_prefer_server_ciphers on;[\/bash]<\/p>\n

2. \u5728\u5404php\u76f8\u5173\u7684location\u4e0b\u589e\u52a0\u201cfastcgi_param \u00a0 HTTPS on;\u201d\u4e00\u884c\u3002\uff08PS. \u5b9e\u6d4b\u65f6\u4e0d\u52a0\u8fd9\u4e00\u884c\u4e5f\u6ca1\u95ee\u9898\uff09<\/p>\n

3. \u4eceStartSSL\u4e0b\u8f7d\u6839\u8bc1\u4e66\uff0c\u5e76\u8ffd\u52a0\u5230xxx.crt\u6587\u4ef6\u4e2d\uff1a
\n[bash]wget http:\/\/www.startssl.com\/certs\/sub.class1.server.ca.pem
\ncp xxx.crt xxx.crt.old
\ncat sub.class1.server.ca.pem >> xxx.crt[\/bash]<\/p>\n

\u8fd9\u91cc\u9700\u8981\u6ce8\u610f\u7684\u4e00\u70b9\u662f\uff0cxxx.crt\u8bc1\u4e66\u4fdd\u5b58\u65f6\u5fc5\u987b\u4ee5Linux\u6362\u884c\u683c\u5f0f\u4fdd\u5b58\uff0c\u5e76\u4e14\u6700\u540e\u4fdd\u7559\u4e00\u7a7a\u884c\uff0c\u8fd9\u6837\u901a\u8fc7cat\u8ffd\u52a0ca.pem\u6587\u4ef6\u65f6\u6839\u8bc1\u4e66\u624d\u4f1a\u53e6\u8d77\u4e00\u884c\uff0c\u5426\u5219\u4f1a\u51fa\u9519\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

\u53bb\u5e74\u5199\u8fc7\u4e00\u7bc7\u201cVPS\u4e0a\u5b89\u88c5Lnmp\u548c\u914d\u7f6eSSL\u201d\uff0c\u521a\u5f00\u59cb\u65f6\u4f7f\u7528LNMP\uff0c\u540e\u6765\u89c9\u5f97Nginx\u914d\u7f6e\u4e0d\u517c\u5bb9Apach […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[112],"class_list":["post-1390","post","type-post","status-publish","format-standard","hentry","category-6","tag-vps"],"_links":{"self":[{"href":"https:\/\/lordong.xyz\/wp\/wp-json\/wp\/v2\/posts\/1390","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lordong.xyz\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lordong.xyz\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lordong.xyz\/wp\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/lordong.xyz\/wp\/wp-json\/wp\/v2\/comments?post=1390"}],"version-history":[{"count":0,"href":"https:\/\/lordong.xyz\/wp\/wp-json\/wp\/v2\/posts\/1390\/revisions"}],"wp:attachment":[{"href":"https:\/\/lordong.xyz\/wp\/wp-json\/wp\/v2\/media?parent=1390"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lordong.xyz\/wp\/wp-json\/wp\/v2\/categories?post=1390"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lordong.xyz\/wp\/wp-json\/wp\/v2\/tags?post=1390"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}