当前位置：首页 → 问答吧 → nginx + habari with https

nginx + habari with https

时间：2009-12-09

来源：互联网

1. 编译nginx# ./configure --with-sha1=/usr/lib \
               --with-md5=/usr/lib \
               ...
               --with-http_ssl_module

2. 生成dummy证书# openssl genrsa -des3 -out cert.key 1024
# openssl req -new -key cert.key -out cert.csr
# openssl rsa -in cert.key -out cert.key
# openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.pem

* 注: 如果没有做openssl rsa -in cert.key -out cert.key这一步, nginx会在启动时提示输入密码, 导致server无法自动启动
3. 配置nginx
最简单的, 把现有配置文件的server部分复制一份, 然后做以下修改server {
  listen    443;
  ssl          on;
  ssl_certificate  /usr/local/nginx/conf/cert.pem;
  ssl_certificate_key  /usr/local/nginx/conf/cert.key;
  ...
}

habari会在$_REQUEST中检查HTTPS的值, 所以在HTTPS没有设置或者是设置为off的情况下, 即使以https://的scheme访问, 代码中生成的链接仍然是http而不是https, 所以我们需要在cgi参数中加入https项, 如下:location ~ \.php$ {
  fastcgi_pass 127.0.0.1:9001;
  fastcgi_index  index.php;
  fastcgi_param  SCRIPT_FILENAME  /var/www/habari$fastcgi_script_name;
  fastcgi_param  HTTPS          on;
  include       fastcgi_params;
}

至此, 重启nginx.

原文地址 https://gopherwood.info/2009/07/08/nginx_habari_with_https

作者: zhoulian 发布时间: 2009-12-09

nginx + habari with https

热门阅读

热门下载