首先生成必要的密钥文件,需要四步:

1、openssl genrsa -des3 -out server.key 1024
2、openssl req -new -key server.key -out server.csr
3、openssl rsa -in server.key -out server_nopass.key
4、openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

执行以上四步的时候,把目录切到nginx的配置文件目录下面,然后再新建一个ssl的目录,便于管理。比如我的目录是/etc/nginx/ssl。

关于nginx的配置,贴一份我自己的:

server {
    listen          443 ssl;
    server_name     localhost;
    ### SSL cert files ###
    ssl on;
    ssl_certificate      ssl/server.crt;
    ssl_certificate_key  ssl/server_nopass.key;
    keepalive_timeout    60;
    index index.html index.htm index.php;
    root /home/ety001/wwwroot/localhost;
    location ~ \.php$ {
        fastcgi_pass   unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index  index.php;
        include        fastcgi.conf;
    }
}