nginx / 未分类 · 2011年12月27日

nginx https 简单配置

重编译nginx, or cp sbin/nginx
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --without-select_module --without-poll_module --with-http_ssl_module
编译完 check一下
[root@fr tmp]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/0.8.55
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --without-select_module --without-poll_module --with-http_ssl_module --with-openssl=../openssl-1.0.0d/
其它地方要用的话,直接 cp 这个编译好的 nginx 二进制文件过去就行了:
/usr/local/nginx/sbin/nginx
###  在nginx 配置文件 加入下面内容就行 如下算是两种
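# HTTPS virtual host, variant 1: TLS is switched on with the separate
# "ssl on;" directive. The second example on this page uses the "ssl"
# parameter of "listen" instead.
server {
    listen 443;
    # NOTE: "ssl on;" is deprecated in later nginx releases in favour of
    # "listen 443 ssl;". It is kept because this example exists to show
    # the older style.
    ssl on;

    # Certificate chain and private key. The .key file should be readable
    # only by the account that starts nginx (e.g. owner root, mode 0600).
    ssl_certificate     /usr/local/nginx/conf/ca/dovogame.com.cer;
    ssl_certificate_key /usr/local/nginx/conf/ca/dovogame.com.key;

    # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the defaults
    # of the running build apply. Old releases such as the 0.8.55 build shown
    # on this page default to a protocol list that still includes SSLv3;
    # set both directives explicitly and verify with an external TLS checker.

    # The header value must stay on one line: a line break inside the quoted
    # string would be sent as part of the header.
    add_header P3P 'CP="CAO DSP COR LAW CURa ADMa DEVa PSAa PSDa OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT STA",policyref="/w3c/p3p.xml"';

    server_name s0.dovogame.com;
    charset utf-8;

    # NOTE(review): with access logging off there is no request record for
    # this vhost, which limits later investigation of incidents.
    access_log off;

    root /data/www/html_s0;
    # A second "index index.html;" line was redundant (index.html is already
    # last in this list) and has been dropped.
    index index.php index.htm index.html;

    # Escape the dot and anchor on ".php" so that only real .php URIs are
    # handed to the FastCGI backend (the unescaped ".*.php?$" also matched
    # names such as "xphp" or ".ph").
    location ~ \.php$ {
        # Pass only scripts that exist under "root"; anything else is
        # answered with 404 by nginx instead of reaching the interpreter.
        try_files $uri =404;
        include fcgi.conf;
        fastcgi_pass 127.0.0.1:10081;
        fastcgi_index index.php;
    }
}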


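# HTTPS virtual host, variant 2: TLS is enabled with the "ssl" parameter of
# the "listen" directive.
server {
    #listen [::]:80;
    #listen [::]:80 ipv6only=on;
    listen 443 ssl;
    server_name game.com;

    # Certificate chain and private key. The .key file should be readable
    # only by the account that starts nginx (e.g. owner root, mode 0600).
    ssl_certificate     /data/game.com.crt;
    ssl_certificate_key /data/game.com.key;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and were removed from the
    # list. The TLSv1.2 parameter needs nginx 1.1.13 / 1.0.12 or later with
    # OpenSSL 1.0.1+, and TLSv1.3 needs nginx 1.13.0 or later with
    # OpenSSL 1.1.1+; drop TLSv1.3 if the build does not accept it. The
    # 0.8.55 / openssl-1.0.0d build shown earlier on this page predates these
    # parameters, so this block is for a newer nginx.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Excludes anonymous (unauthenticated) and MD5-based cipher suites.
    ssl_ciphers HIGH:!aNULL:!MD5;

    # ... root / location directives were not part of the original post ...
}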

##注意 要这个的
nginx restart 一看 port 443 来了 ok
check http://www.trustasia.com/ssl-tools/ssl-checker/
nginx 官方文档
http://nginx.org/en/docs/http/configuring_https_servers.html#chains
##不错的文章 http://www.21andy.com/blog/20100224/1714.html