环境:nginx-1.4.0、php-5.4.13、openssl-1.0.1e
LINK: nginx php fpm多实例配置 openssl构建CA认证
配置nginx.conf
# HTTPS server server { listen 443 ssl default_server; server_name localhost; ssl on; ssl_certificate /usr/local/nginx/conf/ssl/server.pem; ssl_certificate_key /usr/local/nginx/conf/ssl/serverkey.pem; ssl_client_certificate /usr/local/nginx/conf/ssl/cacert.pem;# ssl_trusted_certificate /usr/local/nginx/demoCA/cacert.pem; ssl_crl /usr/local/nginx/conf/ssl/crl.pem;# ssl_stapling on;# ssl_stapling_verify on;# ssl_stapling_responder http://192.168.11.132/; ssl_verify_client optional_no_ca; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; ssl_verify_depth 1; root /usr/local/nginx/html; index index.php index.html; location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; include fastcgi.conf; fastcgi_index index.php; expires off; } } |