## [ngx_http_ssl_module][1] ## 单向加密 生成单向加密文件 ~~~ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -subj /CN=localhost -keyout nginx.key -out nginx.crt nodes 不加密 其中C是Country，ST是state，L是local，O是Organization，OU是Organization Unit，CN是common name） -subj /C=CN/ST=HB/L=SJZ/O=CCIT/OU=CCIT/CN=fym/emailAddress=fym0121@163.com ~~~ ### 配置示例 ~~~ server { listen 443 ssl; server_name xxx; ssl on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; ssl_certificate path_to_crt; ssl_certificate_key path_to_key; ssl_session_timeout 5m; ssl_session_cache builtin:1000 shared:SSL:10m; } ~~~ [1]:http://nginx.org/en/docs/http/ngx_http_ssl_module.html