{"id":168959,"date":"2020-01-12T11:38:11","date_gmt":"2020-01-12T03:38:11","guid":{"rendered":"https:\/\/lrxjmw.cn\/?p=168959"},"modified":"2020-01-03T10:39:34","modified_gmt":"2020-01-03T02:39:34","slug":"nginx-configure-https-certificate","status":"publish","type":"post","link":"https:\/\/lrxjmw.cn\/nginx-configure-https-certificate.html","title":{"rendered":"Nginx\u914d\u7f6eHTTPS\u5b89\u5168\u8bc1\u4e66"},"content":{"rendered":"\n\n\n
\u5bfc\u8bfb<\/td>\nSSL\u8bc1\u4e66\u662f\u4e00\u79cd\u6570\u5b57\u8bc1\u4e66\uff0c\u4f7f\u7528Secure Socket Layer\u534f\u8bae\u5728\u6d4f\u89c8\u5668\u548cweb\u670d\u52a1\u5668\u4e4b\u95f4\u5efa\u7acb\u4e00\u6761\u5b89\u5168\u901a\u9053\uff0c\u4ece\u800c\u5b9e\u73b0\u6570\u636e\u4fe1\u606f\u5728\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u52a0\u5bc6\u4f20\u8f93\u3002<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
1\u3001\u5148\u8bf4\u8bf4Nginx-HTTPS\u52a0\u5bc6\u6280\u672f<\/strong><\/div>\n

\u8d85\u6587\u672c\u4f20\u8f93\u5b89\u5168\u534f\u8bae(HTTPS)\u662f\u4ee5\u5b89\u5168\u4e3a\u76ee\u6807\u7684HTTP\u901a\u9053\uff0c\u7b80\u5355\u6765\u8bf4\u5c31\u662fHTTP\u5b89\u5168\u7248\u3002https\u7531\u4e24\u4e2a\u90e8\u5206\u7ec4\u6210\uff1aHTTP+SSL\/TLS\uff0c\u5728http\u57fa\u7840\u4e0a\u52a0\u4e0a\u4e86\u4e00\u5c42\u52a0\u5bc6\u4fe1\u606f\u6a21\u5757\uff0c\u670d\u52a1\u7aef\u548c\u5ba2\u6237\u7aef\u7684\u4fe1\u606f\u4f20\u8f93\u90fd\u4f1a\u901a\u8fc7TLS\u8fdb\u884c\u52a0\u5bc6\uff0c\u4f20\u8f93\u7684\u6570\u636e\u90fd\u662f\u52a0\u5bc6\u540e\u7684\u6570\u636e\u3002<\/p>\n

\u4e3a\u4e86\u89e3\u51b3HTTP\u534f\u8bae\u7684\u8fd9\u4e9b\u7f3a\u9677\uff0c\u9700\u8981\u4f7f\u7528\u53e6\u4e00\u79cd\u534f\u8bae\uff1aHTTPS\u3002\u4e3a\u4e86\u6570\u636e\u4f20\u8f93\u7684\u5b89\u5168\u6027\uff0cHTTPS\u5728http\u7684\u57fa\u7840\u4e0a\u52a0\u4e86SSL\u534f\u8bae\uff0cSSL\u4f9d\u9760\u8bc1\u4e66\u9a8c\u8bc1\u8eab\u4efd\uff0c\u5e76\u4e3a\u6d4f\u89c8\u5668\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u901a\u4fe1\u52a0\u5bc6\u3002<\/p>\n

SSL\u8bc1\u4e66\u662f\u4e00\u79cd\u6570\u5b57\u8bc1\u4e66\uff0c\u4f7f\u7528Secure Socket Layer\u534f\u8bae\u5728\u6d4f\u89c8\u5668\u548cweb\u670d\u52a1\u5668\u4e4b\u95f4\u5efa\u7acb\u4e00\u6761\u5b89\u5168\u901a\u9053\uff0c\u4ece\u800c\u5b9e\u73b0\u6570\u636e\u4fe1\u606f\u5728\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u52a0\u5bc6\u4f20\u8f93\uff0c\u4fdd\u8bc1\u53cc\u65b9\u4f20\u9012\u4fe1\u606f\u7684\u5b89\u5168\u6027\uff0c\u4e0d\u53ef\u88ab\u7b2c\u4e09\u65b9\u7a83\u542c\uff0c\u800c\u4e14\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u670d\u52a1\u5668\u8bc1\u4e66\u9a8c\u8bc1\u6240\u8bbf\u95ee\u7f51\u7ad9\u662f\u5426\u771f\u5b9e\u53ef\u9760\u3002<\/p>\n

\u52a0\u5bc6\u7684HTTPS\u548cHTTP\u7684\u533a\u522b:\u8d85\u6587\u672c\u4f20\u8f93\u534f\u8baeHTTP\u534f\u8bae\u88ab\u7528\u4e8e\u5728web\u6d4f\u89c8\u5668\u548c\u7f51\u7ad9\u670d\u52a1\u5668\u4e4b\u95f4\u4f20\u9012\u4fe1\u606f\uff0cHTTP\u534f\u8bae\u4ee5\u660e\u6587\u65b9\u5f0f\u53d1\u9001\u5185\u5bb9\uff0c\u4e0d\u63d0\u4f9b\u4efb\u4f55\u65b9\u5f0f\u7684\u6570\u636e\u52a0\u5bc6\uff0c\u5982\u679c\u653b\u51fb\u8005\u622a\u53d6\u4e86web\u6d4f\u89c8\u5668\u548c\u7f51\u7ad9\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u4f20\u8f93\u62a5\u6587\uff0c\u5c31\u53ef\u4ee5\u76f4\u63a5\u8bfb\u53d6\u5176\u4e2d\u4fe1\u606f\uff0c\u56e0\u6b64\uff0chttp\u534f\u8bae\u4e0d\u9002\u5408\u4f20\u8f93\u4e00\u4e9b\u654f\u611f\u4fe1\u606f\u3002<\/p>\n

HTTPS\u52a0\u5bc6\uff0c\u89e3\u5bc6\uff0c\u9a8c\u8bc1\u5b8c\u6210\u8fc7\u7a0b\u5982\u56fe\u6240\u793a\uff1a
\n\"\"<\/p>\n

\u9996\u5148\u5ba2\u6237\u7aef\u53d1\u9001\u8bf7\u6c42\uff0c\u670d\u52a1\u7aef\u63a5\u53d7\u5230\u8bf7\u6c42\u4e4b\u540e\u5e76\u7533\u8bf7\u751f\u6210\u516c\u79c1\u79d8\u94a5\uff0c\u540c\u65f6\u5c06\u516c\u94a5\u8bc1\u4e66\u53d1\u9001\u7ed9\u5ba2\u6237\u7aef\uff0c\u5ba2\u6237\u7aef\u6536\u5230\u4e4b\u540e\u5e76\u901a\u8fc7TLS\u8fdb\u884c\u89e3\u6790\u9a8c\u8bc1\uff0c\u5982\u679c\u8bc1\u4e66\u6ca1\u6709\u95ee\u9898\u5c31\u4f1a\u5728\u5ba2\u6237\u7aef\u751f\u6210\u4e00\u4e2a\u52a0\u5bc6\u968f\u673a\u503c\uff0c\u5c06\u968f\u673a\u503c\u53d1\u9001\u7ed9\u670d\u52a1\u7aef\uff0c\u670d\u52a1\u7aef\u63a5\u6536\u5230\u4e4b\u540e\uff0c\u7528\u81ea\u5df1\u7684\u79c1\u94a5\u89e3\u5bc6\uff0c\u4ece\u800c\u5f97\u5230\u8fd9\u4e2a\u968f\u673a\u503c\uff0c\u7136\u540e\u901a\u8fc7\u8fd9\u4e2a\u968f\u673a\u503c\u5bf9\u5185\u5bb9\u8fdb\u884c\u5bf9\u79f0\u52a0\u5bc6\u3002\u670d\u52a1\u7aef\u5c06\u7528\u79c1\u94a5\u52a0\u5bc6\u540e\u7684\u4fe1\u606f\u53d1\u9001\u7ed9\u5ba2\u6237\u7aef\uff0c\u6700\u540e\uff0c\u5ba2\u6237\u7aef\u7528\u4e4b\u524d\u751f\u6210\u7684\u79c1\u94a5\u6765\u89e3\u5bc6\u670d\u52a1\u5668\u7aef\u53d1\u8fc7\u6765\u7684\u4fe1\u606f\uff0c\u83b7\u53d6\u89e3\u5bc6\u540e\u7684\u5185\u5bb9\u3002<\/p>\n

1)\u5ba2\u6237\u7aef\u5411\u670d\u52a1\u7aef\u53d1\u8d77HTTPS\u8bf7\u6c42\uff0c\u7528\u6237\u5728\u6d4f\u89c8\u5668\u8f93\u5165https\u7f51\u5740\uff0c\u7136\u540e\u8fde\u63a5\u5230Nginx server\u7684443\u7aef\u53e32)\u670d\u52a1\u7aef\u91c7\u7528https\u534f\u8bae\u6709\u4e00\u5957\u6570\u5b57\u8bc1\u4e66\uff0c\u8be5\u8bc1\u4e66\u53ef\u4ee5\u81ea\u884c\u914d\u7f6e\uff0c\u4e5f\u53ef\u4ee5\u5411\u8bc1\u4e66\u7ba1\u7406\u7ec4\u7ec7\u53bb\u7533\u8bf7\uff0c\u8be5\u8bc1\u4e66\u5176\u672c\u8d28\u662f\u516c\u94a5\u548c\u79c1\u94a53)\u5c06\u516c\u94a5\u4f20\u9001\u7ed9\u5ba2\u6237\u7aef\uff0c\u8bc1\u4e66\u5305\u542b\u4e86\u5f88\u591a\u4fe1\u606f\uff0c\u4f8b\u5982\uff0c\u8bc1\u4e66\u7684\u9881\u53d1\u673a\u6784\uff0c\u8fc7\u671f\u65f6\u95f4\u7b49\u7b494)\u5ba2\u6237\u7aef\u89e3\u6790\u8bc1\u4e66\uff0c\u7531\u5ba2\u6237\u7aef\u7684TLS\u5b8c\u6210\uff0c\u9996\u5148\u4f1a\u9a8c\u8bc1\u516c\u94a5\u662f\u5426\u6709\u6548\uff0c\u6bd4\u5982\u9881\u53d1\u7684\u673a\u6784\uff0c\u8fc7\u671f\u65f6\u95f4\u7b49\uff0c\u5982\u679c\u53d1\u751f\u5f02\u5e38\uff0c\u5219\u4f1a\u5f39\u51fa\u8b66\u544a\u4fe1\u606f\uff0c\u63d0\u793a\u8bc1\u4e66\u5b58\u5728\u95ee\u9898\uff0c\u5982\u679c\u8bc1\u4e66\u6ca1\u6709\u95ee\u9898\uff0c\u5c31\u4f1a\u968f\u673a\u751f\u6210\u6570\u503c\uff0c\u7136\u540e\u7528\u8bc1\u4e66\u5bf9\u8be5\u968f\u673a\u6570\u503c\u8fdb\u884c\u52a0\u5bc65)\u5c06\u8bc1\u4e66\u52a0\u5bc6\u540e\u7684\u968f\u673a\u503c\u4f20\u9001\u5230\u670d\u52a1\u5668\uff0c\u8ba9\u670d\u52a1\u5668\u83b7\u53d6\u8be5\u968f\u673a\u503c\uff0c\u540e\u7eed\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u7aef\u53ef\u4ee5\u901a\u8fc7\u8be5\u968f\u673a\u503c\u6765\u8fdb\u884c\u52a0\u5bc6\u89e3\u5bc66)\u670d\u52a1\u7aef\u7528\u79c1\u94a5\u89e3\u5bc6\u540e\uff0c\u5f97\u5230\u4e86\u5ba2\u6237\u7aef\u4f20\u8fc7\u6765\u7684\u968f\u673a\u503c\uff0c\u7136\u540e\u628a\u5185\u5bb9\u901a\u8fc7\u8be5\u503c\u8fdb\u884c\u4e86\u5bf9\u79f0\u52a0\u5bc67)\u670d\u52a1\u7aef\u5c06\u79c1\u94a5\u52a0\u5bc6\u540e\u7684\u4fe1\u606f\u53d1\u7ed9\u5
ba2\u6237\u7aef8)\u5ba2\u6237\u7aef\u7528\u4e4b\u524d\u751f\u6210\u7684\u79c1\u94a5\u6765\u89e3\u5bc6\u670d\u52a1\u7aef\u53d1\u9001\u8fc7\u6765\u7684\u4fe1\u606f\uff0c\u83b7\u53d6\u89e3\u5bc6\u540e\u7684\u5185\u5bb9\u3002<\/p>\n

2\u3001\u5173\u4e8eSSL\u8bc1\u4e66<\/strong><\/div>\n

\u4e92\u8054\u7f51\u7684\u5b89\u5168\u901a\u4fe1\uff0c\u662f\u5efa\u7acb\u5728SSL\/TLS\u534f\u8bae\u4e4b\u4e0a\uff0cSSL\/TLS\u534f\u8bae\u7684\u57fa\u672c\u601d\u8def\u662f\u91c7\u7528\u516c\u94a5\u52a0\u5bc6\u6cd5\uff0c\u4e5f\u5c31\u662f\uff0c\u5ba2\u6237\u7aef\u5148\u5411\u670d\u52a1\u5668\u7aef\u7d22\u53d6\u516c\u94a5\uff0c\u7136\u540e\u7528\u516c\u94a5\u52a0\u5bc6\u4fe1\u606f\uff0c\u670d\u52a1\u5668\u6536\u5230\u5bc6\u6587\u540e\uff0c\u7528\u81ea\u5df1\u7684\u79c1\u94a5\u89e3\u5bc6\u3002\u901a\u8fc7\u8fd9\u79cd\u52a0\u89e3\u5bc6\u673a\u5236\uff0c\u53ef\u4ee5\u4fdd\u969c\u6240\u6709\u4fe1\u606f\u90fd\u662f\u52a0\u5bc6\u4f20\u64ad\uff0c\u65e0\u6cd5\u7a83\u542c\uff0c\u540c\u65f6\uff0c\u4f20\u8f93\u5177\u6709\u6821\u9a8c\u673a\u5236\uff0c\u4e00\u65e6\u4fe1\u606f\u88ab\u7be1\u6539\uff0c\u53ef\u4ee5\u7acb\u523b\u53d1\u73b0\uff0c\u6700\u540e\uff0c\u901a\u8fc7\u8eab\u4efd\u8bc1\u4e66\u673a\u5236\uff0c\u53ef\u4ee5\u9632\u6b62\u8eab\u4efd\u88ab\u5192\u5145\u3002\u7531\u6b64\u53ef\u77e5\uff0cSSL\u8bc1\u4e66\u4e3b\u8981\u6709\u4e24\u4e2a\u529f\u80fd\uff1a\u52a0\u5bc6\u548c\u8eab\u4efd\u8ba4\u8bc1\u3002<\/p>\n

\u76ee\u524d\u5e02\u9762\u4e0a\u7684SSL\u8bc1\u4e66\u90fd\u662f\u901a\u8fc7\u7b2c\u4e09\u65b9SSL\u8bc1\u4e66\u673a\u6784\u9881\u53d1\u7684\uff0c\u5e38\u89c1\u53ef\u9760\u7684\u7b2c\u4e09\u65b9 SSL\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u6709DigiCert\u3001GeoTrust\u3001GlobalSign\u3001Comodo\u7b49\u3002<\/p>\n

\u6839\u636e\u4e0d\u540c\u4f7f\u7528\u73af\u5883\uff0cSSL\u8bc1\u4e66\u53ef\u5206\u4e3a\u5982\u4e0b\u51e0\u79cd\uff1a<\/p>\n

\u4f01\u4e1a\u7ea7\u522b\uff1aEV(Extended Validation)\u3001OV(Organization Validation) \uff0c\u4e2a\u4eba\u7ea7\u522b\uff1aIV(Identity Validation)\u3001DV(Domain Validation)\u3002<\/p>\n

\u5176\u4e2d EV\u3001OV\u3001IV \u9700\u8981\u4ed8\u8d39\uff0c\u4f01\u4e1a\u7528\u6237\u63a8\u8350\u4f7f\u7528EV\u6216OV\u8bc1\u4e66\uff0c\u4e2a\u4eba\u7528\u6237\u63a8\u8350\u4f7f\u7528IV\u8bc1\u4e66\uff0cDV\u8bc1\u4e66\u867d\u6709\u514d\u8d39\u7684\u53ef\u7528\uff0c\u4f46\u5b83\u662f\u6700\u4f4e\u7aef\u7684SSL\u8bc1\u4e66\u3002\u5b83\u4e0d\u663e\u793a\u5355\u4f4d\u540d\u79f0\uff0c\u4e5f\u4e0d\u80fd\u8bc1\u660e\u7f51\u7ad9\u7684\u771f\u5b9e\u8eab\u4efd\uff0c\u53ea\u80fd\u9a8c\u8bc1\u57df\u540d\u6240\u6709\u6743\uff0c\u4ec5\u8d77\u5230\u52a0\u5bc6\u4f20\u8f93\u4fe1\u606f\u7684\u4f5c\u7528\uff0c\u9002\u5408\u4e2a\u4eba\u7f51\u7ad9\u6216\u975e\u7535\u5546\u7f51\u7ad9\u3002<\/p>\n

3\u3001\u4f7f\u7528OpenSSL\u751f\u6210\u79c1\u94a5\u6587\u4ef6\u548cCSR\u6587\u4ef6<\/strong><\/div>\n

Nginx\u914d\u7f6eHTTPS\u5e76\u4e0d\u590d\u6742\uff0c\u4e3b\u8981\u6709\u4e24\u4e2a\u6b65\u9aa4\uff1a\u7b7e\u7f72\u7b2c\u4e09\u65b9\u53ef\u4fe1\u4efb\u7684 SSL\u8bc1\u4e66\u548c\u914d\u7f6e HTTPS\uff0c\u4e0b\u9762\u4f9d\u6b21\u4ecb\u7ecd\u3002<\/p>\n

\u8981\u914d\u7f6eHTTPS\u9700\u8981\u7528\u5230\u4e00\u4e2a\u79c1\u94a5\u6587\u4ef6(\u4ee5.key\u7ed3\u5c3e)\u548c\u4e00\u4e2a\u8bc1\u4e66\u6587\u4ef6(\u4ee5.crt\u7ed3\u5c3e) \uff0c\u800c\u8bc1\u4e66\u6587\u4ef6\u662f\u7531\u7b2c\u4e09\u65b9\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7b7e\u53d1\u7684\uff0c\u8981\u8ba9\u7b2c\u4e09\u65b9\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7b7e\u53d1\u8bc1\u4e66\u6587\u4ef6\uff0c\u8fd8\u9700\u8981\u7ed9\u4ed6\u4eec\u63d0\u4f9b\u4e00\u4e2a\u8bc1\u4e66\u7b7e\u7f72\u8bf7\u6c42\u6587\u4ef6(\u4ee5.csr\u7ed3\u5c3e)\u3002\u4e0b\u9762\u7b80\u5355\u4ecb\u7ecd\u4e0b\u79c1\u94a5\u6587\u4ef6\u548ccsr\u6587\u4ef6\u3002<\/p>\n

\u79c1\u94a5\u6587\u4ef6\uff1a\u4ee5.key\u7ed3\u5c3e\u7684\u4e00\u4e2a\u6587\u4ef6\uff0c\u7531\u8bc1\u4e66\u7533\u8bf7\u8005\u751f\u6210\uff0c\u5b83\u662f\u8bc1\u4e66\u7533\u8bf7\u8005\u7684\u79c1\u94a5\u6587\u4ef6\uff0c\u548c\u8bc1\u4e66\u91cc\u9762\u7684\u516c\u94a5\u914d\u5bf9\u4f7f\u7528\uff0c\u5728 HTTPS \u63e1\u624b\u901a\u8baf\u8fc7\u7a0b\u4e2d\u9700\u8981\u4f7f\u7528\u79c1\u94a5\u53bb\u89e3\u5bc6\u5ba2\u6237\u7aef\u53d1\u6765\u7684\u7ecf\u8fc7\u8bc1\u4e66\u516c\u94a5\u52a0\u5bc6\u7684\u968f\u673a\u6570\u4fe1\u606f\uff0c\u5b83\u662fHTTPS\u52a0\u5bc6\u901a\u8baf\u8fc7\u7a0b\u975e\u5e38\u91cd\u8981\u7684\u6587\u4ef6\uff0c\u5728\u914d\u7f6eHTTPS\u7684\u65f6\u5019\u8981\u7528\u5230\u3002CSR\u6587\u4ef6\uff1aCSR\u5168\u79f0\u662fCertificate Signing Request\uff0c\u5373\u8bc1\u4e66\u7b7e\u7f72\u8bf7\u6c42\u6587\u4ef6\uff0c\u6b64\u6587\u4ef6\u91cc\u9762\u5305\u542b\u7533\u8bf7\u8005\u7684DN(Distinguished Name\uff0c\u6807\u8bc6\u540d)\u548c\u516c\u94a5\u4fe1\u606f\uff0c\u6b64\u6587\u4ef6\u7531\u8bc1\u4e66\u7533\u8bf7\u8005\u751f\u6210\uff0c\u540c\u65f6\u9700\u8981\u63d0\u4f9b\u7ed9\u7b2c\u4e09\u65b9\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u3002\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u62ff\u5230CSR\u6587\u4ef6\u540e\uff0c\u4f7f\u7528\u5176\u6839\u8bc1\u4e66\u79c1\u94a5\u5bf9\u8bc1\u4e66\u8fdb\u884c\u52a0\u5bc6\u5e76\u751f\u6210CRT\u8bc1\u4e66\u6587\u4ef6\uff0cCRT\u6587\u4ef6\u91cc\u9762\u5305\u542b\u8bc1\u4e66\u52a0\u5bc6\u4fe1\u606f\u4ee5\u53ca\u7533\u8bf7\u8005\u7684DN\u53ca\u516c\u94a5\u4fe1\u606f\uff0c\u6700\u540e\uff0c\u7b2c\u4e09\u65b9\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u4f1a\u5c06CRT\u6587\u4ef6\u53d1\u7ed9\u8bc1\u4e66\u7533\u8bf7\u8005\uff0c\u8fd9\u6837\u5c31\u5b8c\u6210\u4e86\u8bc1\u4e66\u6587\u4ef6\u7684\u7533\u8bf7\u8fc7\u7a0b\u3002<\/p>\n

\u5728\u7533\u8bf7SSL\u8bc1\u4e66\u4e4b\u524d\uff0c\u8bc1\u4e66\u7533\u8bf7\u8005\u9700\u8981\u5148\u751f\u6210\u4e00\u4e2a\u79c1\u94a5\u6587\u4ef6\u548c\u4e00\u4e2aCSR\u6587\u4ef6\uff0c\u53ef\u901a\u8fc7openssl\u547d\u4ee4\u6765\u751f\u6210\u8fd9\u4e24\u4e2a\u6587\u4ef6\uff0c\u64cd\u4f5c\u5982\u4e0b\uff1a<\/p>\n

[root@iZ23sl33esbZ ~]# openssl req -new -newkey rsa:2048 -sha256 -nodes -out iivey.csr -keyout iivey.key -subj \"\/C=CN\/ST=beijing\/L=beijing\/O=iivey Inc.\/OU=Web Security\/CN=iivey.com\"\r\n<\/pre>\n

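\u4e0a\u9762\u8fd9\u4e2a\u547d\u4ee4\u4f1a\u751f\u6210\u4e00\u4e2aCSR\u6587\u4ef6iivey.csr\u548c\u79c1\u94a5\u6587\u4ef6iivey.key\u3002\u547d\u4ee4\u4e2d\u7684-nodes\u8868\u793a\u79c1\u94a5\u6587\u4ef6\u4e0d\u52a0\u5bc6\uff0c\u56e0\u6b64\u9700\u8981\u4fdd\u8bc1\u79c1\u94a5\u6587\u4ef6\u7684\u5b89\u5168\uff0c\u4e0d\u80fd\u63d0\u4f9b\u7ed9\u7b2c\u4e09\u65b9\u3002-subj\u4e2d\u7684\u76f8\u5173\u5b57\u6bb5\u542b\u4e49\u5982\u4e0b\uff1a<\/p>\n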

C\u5b57\u6bb5\uff1a\u5373Country\uff0c\u8868\u793a\u5355\u4f4d\u6240\u5728\u56fd\u5bb6\uff0c\u4e3a\u4e24\u4f4d\u5b57\u6bcd\u7684\u56fd\u5bb6\u7f29\u5199\uff0c\u5982CN\u8868\u793a\u4e2d\u56fd\uff1bST\u5b57\u6bb5\uff1aState\/Province\uff0c\u5355\u4f4d\u6240\u5728\u5dde\u6216\u7701\uff1bL\u5b57\u6bb5\uff1aLocality\uff0c\u5355\u4f4d\u6240\u5728\u57ce\u5e02\u6216\u53bf\u533a\uff1bO\u5b57\u6bb5\uff1aOrganization\uff0c\u6b64\u7f51\u7ad9\u7684\u5355\u4f4d\u540d\u79f0\uff1bOU\u5b57\u6bb5\uff1aOrganization Unit\uff0c\u4e0b\u5c5e\u90e8\u95e8\u540d\u79f0\uff0c\u4e5f\u5e38\u5e38\u7528\u4e8e\u663e\u793a\u5176\u4ed6\u8bc1\u4e66\u76f8\u5173\u4fe1\u606f\uff0c\u5982\u8bc1\u4e66\u7c7b\u578b\uff0c\u8bc1\u4e66\u4ea7\u54c1\u540d\u79f0\u6216\u8eab\u4efd\u9a8c\u8bc1\u7c7b\u578b\u6216\u9a8c\u8bc1\u5185\u5bb9\u7b49\uff1bCN\u5b57\u6bb5\uff1aCommon Name\uff0c\u7f51\u7ad9\u7684\u57df\u540d\u3002<\/p>\n

\u63a5\u7740\uff0c\u5c06\u751f\u6210\u7684CSR\u6587\u4ef6\u63d0\u4f9b\u7ed9CA\u673a\u6784\uff0c\u7b7e\u7f72\u6210\u529f\u540e\uff0cCA\u673a\u6784\u5c31\u4f1a\u53d1\u7ed9\u6211\u4eec\u4e00\u4e2aCRT\u8bc1\u4e66\u6587\u4ef6\uff0c\u5047\u5b9a\u8fd9\u4e2a\u6587\u4ef6\u662fiivey.crt\uff0c\u5728\u83b7\u5f97SSL\u8bc1\u4e66\u6587\u4ef6\u540e\uff0c\u5c31\u53ef\u4ee5\u5728Nginx\u914d\u7f6e\u6587\u4ef6\u91cc\u914d\u7f6eHTTPS\u4e86\u3002<\/p>\n

4\u3001Nginx\u4e0b\u914d\u7f6eSSL\u8bc1\u4e66<\/strong><\/div>\n

\u8981\u5f00\u542fHTTPS\u670d\u52a1\uff0c\u5176\u5b9e\u5c31\u662f\u5728Nginx\u4e0a\u5f00\u542f\u4e00\u4e2a443\u76d1\u542c\u7aef\u53e3\uff0c\u4e0b\u9762\u662fHTTPS\u670d\u52a1\u5728Nginx\u4e0b\u7684\u914d\u7f6e\u65b9\u5f0f\uff0c\u8fd9\u91cc\u4ec5\u5217\u51fa\u4e86server\u6bb5\u7684\u914d\u7f6e\uff1a<\/p>\n

server \r\n { \r\n listen 443; \r\n server_name www.iivey.com; \r\n index index.php index.html; \r\n root \/data\/webhtdocs\/iivey; \r\n ssl                        on; \r\n ssl_certificate                iivey.crt; \r\n ssl_certificate_key            iivey.key; \r\n ssl_prefer_server_ciphers  on; \r\n ssl_protocols              TLSv1 TLSv1.1 TLSv1.2; \r\n ssl_ciphers                HIGH:!aNULL:!MD5; \r\n add_header X-Frame-Options DENY; \r\n add_header X-Content-Type-Options nosniff; \r\n add_header X-Xss-Protection 1; \r\n }<\/pre>\n

\u7b80\u5355\u4ecb\u7ecd\u4e0b\u4e0a\u9762\u6bcf\u4e2a\u914d\u7f6e\u9009\u9879\u7684\u542b\u4e49\uff1a<\/p>\n

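    ssl on\uff1a\u8868\u793a\u542f\u7528SSL\u529f\u80fd\u3002nginx 1.15.0\u53ca\u4ee5\u540e\u7684\u7248\u672c\u4e0d\u63a8\u8350\u4f7f\u7528\u8be5\u6307\u4ee4\uff0c\u63a8\u8350\u5728listen\u4e2d\u8bbe\u7f6e\uff0c\u5373\u201clisten 443 ssl;\u201d\u3002<\/ol>\n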
      ssl_certificate\uff1a\u7528\u6765\u6307\u5b9aCRT\u6587\u4ef6\u7684\u8def\u5f84\uff0c\u53ef\u4ee5\u662f\u76f8\u5bf9\u8def\u5f84\uff0c\u4e5f\u53ef\u4ee5\u662f\u7edd\u5bf9\u8def\u5f84\uff0c\u672c\u4f8b\u662f\u76f8\u5bf9\u8def\u5f84\uff0ciivey.crt\u6587\u4ef6\u653e\u5728\u548cnginx.conf\u540c\u7ea7\u76ee\u5f55\u4e0b\u3002<\/ol>\n
        ssl_certificate_key\uff1a\u7528\u6765\u6307\u5b9a\u79d8\u94a5\u6587\u4ef6\u7684\u8def\u5f84\uff0c\u53ef\u4ee5\u662f\u76f8\u5bf9\u8def\u5f84\uff0c\u4e5f\u53ef\u4ee5\u662f\u7edd\u5bf9\u8def\u5f84\uff0c\u672c\u4f8b\u662f\u76f8\u5bf9\u8def\u5f84\uff0ciivey.key\u6587\u4ef6\u653e\u5728\u548cnginx.conf\u540c\u7ea7\u76ee\u5f55\u4e0b\u3002<\/ol>\n
          ssl_prefer_server_ciphers on\uff1a\u8bbe\u7f6e\u534f\u5546\u52a0\u5bc6\u7b97\u6cd5\u65f6\uff0c\u4f18\u5148\u4f7f\u7528\u6211\u4eec\u670d\u52a1\u7aef\u7684\u52a0\u5bc6\u5957\u4ef6\uff0c\u800c\u4e0d\u662f\u5ba2\u6237\u7aef\u6d4f\u89c8\u5668\u7684\u52a0\u5bc6\u5957\u4ef6\u3002<\/ol>\n

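          ssl_protocols\uff1a\u6b64\u6307\u4ee4\u7528\u4e8e\u542f\u7528\u7279\u5b9a\u7684\u52a0\u5bc6\u534f\u8bae\uff0c\u8fd9\u91cc\u8bbe\u7f6e\u4e3a\u201cTLSv1 TLSv1.1 TLSv1.2\u201d\uff0cTLSv1.1\u4e0eTLSv1.2\u8981\u786e\u4fddopenssl\u7248\u672c\u5927\u4e8e\u7b49\u4e8eopenssl1.0.1\uff0cSSLv3\u4e5f\u53ef\u4ee5\u4f7f\u7528\uff0c\u4f46\u662f\u6709\u4e0d\u5c11\u88ab\u653b\u51fb\u7684\u6f0f\u6d1e\uff0c\u6240\u4ee5\u73b0\u5728\u5f88\u5c11\u4f7f\u7528\u4e86\u3002\u53e6\u5916\uff0cTLSv1\u548cTLSv1.1\u540c\u6837\u5b58\u5728\u5b89\u5168\u95ee\u9898\uff0cRFC 8996\u5df2\u7ecf\u4e0d\u63a8\u8350\u4f7f\u7528\uff0c\u914d\u7f6e\u65f6\u63a8\u8350\u53ea\u8bbe\u7f6e\u201cTLSv1.2 TLSv1.3\u201d(TLSv1.3\u8981\u786e\u4fddopenssl\u7248\u672c\u5927\u4e8e\u7b49\u4e8eopenssl1.1.1)\u3002<\/p>\n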

            ssl_ciphers\uff1a\u9009\u62e9\u52a0\u5bc6\u5957\u4ef6\u548c\u52a0\u5bc6\u7b97\u6cd5\uff0c\u4e0d\u540c\u7684\u6d4f\u89c8\u5668\u6240\u652f\u6301\u7684\u5957\u4ef6\u548c\u987a\u5e8f\u53ef\u80fd\u4f1a\u6709\u4e0d\u540c\u3002\u8fd9\u91cc\u9009\u62e9\u9ed8\u8ba4\u5373\u53ef\u3002<\/ol>\n
              add_header X-Frame-Options DENY\uff1a\u8fd9\u662f\u4e2a\u589e\u5f3a\u5b89\u5168\u6027\u7684\u9009\u9879\uff0c\u8868\u793a\u51cf\u5c11\u70b9\u51fb\u52ab\u6301\u3002<\/ol>\n
                add_header X-Content-Type-Options nosniff\uff1a\u540c\u6837\u662f\u589e\u5f3a\u5b89\u5168\u6027\u7684\u9009\u9879\uff0c\u8868\u793a\u7981\u6b62\u670d\u52a1\u5668\u81ea\u52a8\u89e3\u6790\u8d44\u6e90\u7c7b\u578b\u3002<\/ol>\n
                  add_header X-Xss-Protection 1\uff1a\u540c\u6837\u662f\u589e\u5f3a\u5b89\u5168\u6027\u7684\u9009\u9879\uff0c\u8868\u793a\u9632\u6b62XSS\u653b\u51fb\u3002<\/ol>\n
                  5\u3001\u9a8c\u8bc1HTTPS\u529f\u80fd<\/strong><\/div>\n

                  Nginx\u7684https\u914d\u7f6e\u5b8c\u6210\u540e\uff0c\u9700\u8981\u6d4b\u8bd5\u4e0b\u914d\u7f6e\u662f\u5426\u6b63\u5e38\uff0c\u8fd9\u91cc\u63d0\u4f9b\u4e24\u79cd\u65b9\u5f0f\uff0c\u7b2c\u4e00\u79cd\u65b9\u5f0f\u662f\u76f4\u63a5\u901a\u8fc7\u6d4f\u89c8\u5668\u8bbf\u95eehttps\u670d\u52a1\uff0c\u8fd9\u91cc\u4f7f\u7528\u706b\u72d0\u6d4f\u89c8\u5668\u8fdb\u884c\u6d4b\u8bd5\uff0c\u5982\u679chttps\u914d\u7f6e\u6b63\u5e38\u7684\u8bdd\uff0c\u5e94\u8be5\u4f1a\u76f4\u63a5\u6253\u5f00\u9875\u9762\uff0c\u800c\u4e0d\u4f1a\u51fa\u73b0\u5982\u4e0b\u754c\u9762\uff1a
                  \n\"\"<\/p>\n

                  \u51fa\u73b0\u8fd9\u4e2a\u754c\u9762\uff0c\u8bf4\u660ehttps\u6ca1\u6709\u914d\u7f6e\u6210\u529f\uff0c\u9700\u8981\u68c0\u67e5https\u914d\u7f6e\u662f\u5426\u6b63\u786e\u3002\u800c\u5728\u6253\u5f00https\u9875\u9762\u540e\uff0c\u53ef\u80fd\u8fd8\u4f1a\u51fa\u73b0\u4e00\u79cd\u60c5\u51b5\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
                  \n\"\"<\/p>\n

                  \u8fd9\u4e2a\u73b0\u8c61\u662f\u80fd\u591f\u6253\u5f00https\u754c\u9762\uff0c\u4f46\u662f\u6d4f\u89c8\u5668\u5730\u5740\u680f\u5de6\u8fb9\u7684\u5c0f\u9501\u662f\u7070\u8272\uff0c\u5e76\u4e14\u6709\u4e2a\u9ec4\u8272\u7684\u611f\u53f9\u53f7\uff0c\u8fd9\u8bf4\u660e\u8fd9\u4e2a\u7f51\u7ad9\u7684\u9875\u9762\u4e2d\u53ef\u80fd\u5f15\u7528\u4e86\u7b2c\u4e09\u65b9\u7f51\u7ad9\u7684\u56fe\u7247\u3001js\u3001css\u7b49\u8d44\u6e90\u6587\u4ef6\uff0chttps\u8ba4\u4e3a\u9875\u9762\u6709\u5f15\u7528\u7b2c\u4e09\u65b9\u7f51\u7ad9\u8d44\u6e90\u7684\u60c5\u51b5\u662f\u4e0d\u5b89\u5168\u7684\uff0c\u6240\u4ee5\u624d\u51fa\u73b0\u4e86\u8b66\u544a\u63d0\u793a\u3002\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u5f88\u7b80\u5355\uff0c\u5c06\u9875\u9762\u4e0a\u6240\u6709\u5f15\u7528\u7b2c\u4e09\u65b9\u7f51\u7ad9\u7684\u8d44\u6e90\u6587\u4ef6\u4e0b\u8f7d\u5230\u672c\u5730\uff0c\u7136\u540e\u901a\u8fc7\u672c\u5730\u8def\u5f84\u8fdb\u884c\u5f15\u7528\u5373\u53ef\u3002<\/p>\n

                  \u4fee\u6539\u6240\u6709\u8d44\u6e90\u6587\u4ef6\u5230\u672c\u5730\u670d\u52a1\u5668\u540e\uff0c\u518d\u6b21\u901a\u8fc7https\u65b9\u5f0f\u8fdb\u884c\u8bbf\u95ee\uff0c\u6d4f\u89c8\u5668\u5730\u5740\u680f\u5de6\u8fb9\u7684\u5c0f\u9501\u81ea\u52a8\u53d8\u6210\u7eff\u8272\uff0c\u5e76\u4e14\u611f\u53f9\u53f7\u6d88\u5931\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a
                  \n\"\"<\/p>\n

                  \u81f3\u6b64\uff0cnginx\u4e0b\u914d\u7f6ehttps\u670d\u52a1\u5df2\u7ecf\u6b63\u5e38\u8fd0\u884c\u3002<\/p>\n

                  \u5728\u6d4f\u89c8\u5668\u4e0b\u53ef\u4ee5\u67e5\u770b\u8bc1\u4e66\u4fe1\u606f(\u8bc1\u4e66\u5382\u5546\u3001\u8bc1\u4e66\u673a\u6784\u3001\u8bc1\u4e66\u6709\u6548\u671f\u7b49)\uff0c\u70b9\u51fb\u6d4f\u89c8\u5668\u5730\u5740\u680f\u7684\u7eff\u9501\uff0c\u9009\u62e9\u67e5\u770b\u8bc1\u4e66\uff0c\u5373\u53ef\u67e5\u770b\u8bc1\u4e66\u8be6\u7ec6\u4fe1\u606f\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n

                  \"\"
                  \n\u9a8c\u8bc1SSL\u8bc1\u4e66\u72b6\u6001\u8fd8\u6709\u53e6\u5916\u4e00\u4e2a\u65b9\u6cd5\uff0c\u90a3\u5c31\u662f\u901a\u8fc7\u63d0\u4f9b\u7684\u5728\u7ebf\u7f51\u7ad9\u8fdb\u884c\u9a8c\u8bc1\uff0c\u8bfb\u8005\u53ef\u4ee5\u901a\u8fc7https:\/\/myssl.com\/\u7f51\u7ad9\u6216https:\/\/www.ssllabs.com\/ssltest\/\u7f51\u7ad9\u8fdb\u884c\u5728\u7ebf\u6d4b\u8bd5\uff0c\u8fd9\u4e9b\u7f51\u7ad9\u53ef\u4ee5\u66f4\u8be6\u7ec6\u7684\u6d4b\u8bd5SSL\u8bc1\u4e66\u7684\u72b6\u6001\u3001\u5b89\u5168\u6027\u3001\u517c\u5bb9\u6027\u7b49\u5404\u65b9\u9762\u7684\u72b6\u6001\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

                  \u8d85\u6587\u672c\u4f20\u8f93\u5b89\u5168\u534f\u8bae(HTTPS)\u662f\u4ee5\u5b89\u5168\u4e3a\u76ee\u6807\u7684HTTP\u901a\u9053\uff0c\u7b80\u5355\u6765\u8bf4\u5c31\u662fHTTP\u5b89\u5168\u7248\u3002https\u7531\u4e24\u4e2a\u90e8\u5206 […]<\/p>\n","protected":false},"author":1329,"featured_media":169049,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[55],"tags":[],"class_list":["post-168959","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-thread"],"acf":[],"_links":{"self":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/168959","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/users\/1329"}],"replies":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/comments?post=168959"}],"version-history":[{"count":3,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/168959\/revisions"}],"predecessor-version":[{"id":169050,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/168959\/revisions\/169050"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media\/169049"}],"wp:attachment":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media?parent=168959"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/categories?post=168959"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/tags?post=168959"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}