1、首先配置nginx及其他插件，这个Google下，很多配置方案。

2、配置服务器的证书。操作步骤如下：

[root@localhost ~]# cd /etc/pki/tls/certs

[root@localhost certs]# make server.key

umask 77 ;

/usr/bin/openssl genrsa -aes128 2048 > server.key

Generating RSA private key, 2048 bit long modulus

......................................................++++++

.............++++++

e is 61251 (0x10001)

Enter pass phrase:# set passphrase

Verifying - Enter pass phrase:# confirm

# remove passphrase from private key

[root@localhost certs]# openssl rsa -in server.key -out server.key

Enter pass phrase for server.key:# input passphrase

writing RSA key

[root@localhost certs]#

[root@localhost certs]# make server.csr

umask 77 ;

/usr/bin/openssl req -utf8 -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN #country

State or Province Name (full name) [e]:Beijing#state

Locality Name (eg, city) [Default City]:Beijing #city

Organization Name (eg, company) [Default Company Ltd]:Test#company

Organizational Unit Name (eg, section) []:Test Haha#department

Common Name (eg, your server's hostname) []:www.test.com#server's FQDN

Email Address []:admin@test.com # email address

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:# Enter

An optional company name []:# Enter

[root@localhost certs]#

[root@localhost certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

Signature ok

subject=/C=CN/ST=Beijing/L=Beijing/O=Test/OU=Test Haha/CN=www.test.com,/emailAddress=admin@test.com

Getting Private key

[root@localhost certs]# chmod 400 server.*

3、配置nginx的conf文件

#server {

#listen 80;

#server_name happy.cc.com;

#rewrite ^(.*)$ permanent;

# }

server {

listen 80;

listen 443 ssl;

server_name happy.cc.com;

location / {

root/data/www/cloud;

index index.html;

}

ssl on;

ssl_certificate /data/webserver/nginx/conf/server.crt;

ssl_certificate_key /data/webserver/nginx/conf/server.key;

ssl_session_timeout 5m;

ssl_protocols SSLv3 TLSv1;

ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

ssl_prefer_server_cipherson;

#autoindex on;

location = /favicon.ico {

log_not_found off;

access_log off;

}

location ~ .php$ {

root/data/www/cloud;

fastcgi_passunix:/tmp/php-cgi.sock;

#fastcgi_pass127.0.0.1:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /data/www/cloud$fastcgi_script_name;

includefastcgi_params;

}

location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$

{

expires 30d;

}

location ~ .*.(js|css)?$

{

expires 1h;

}

access_log /data/log/nginx/happy.access.log access;

error_log /data/log/nginx/happy.error.log warn;

}

4、打开iptables的443端口