https

nginx主机配置ssl

1、可以通过浏览器认证的ssl证书
openssl req -new -newkey rsa:2048 -nodes -out server.csr -keyout server.key

在当前目录下会发现server.csr server.key两个文件。

然后提供这两个文件,购买或者向startssl申请免费server.crt证书。

三个文件放在指定目录,如/root下

nginx配置文件例子如下:

server
{
listen 443;
server_name mydomain.com;
index index.html index.htm index.php;
root /web/www/test;
ssl on;
ssl_certificate /root/server.crt;
ssl_certificate_key /root/server.key;
}

重新启动nginx

/usr/local/nginx/sbin/nginx -t
kill -HUP `cat /usr/local/nginx/nginx.pid`

startssl的证书需要添加根证书才可以被firefox信任,需要在配置conf文件前,添加根证书信息到server.crt

wget http://www.startssl.com/certs/ca.pem
wget http://www.startssl.com/certs/sub.class1.server.ca.pem
cat ca.pem sub.class1.server.ca.pem >> server.crt

2、自制证书

openssl genrsa -out server.key 2048
openssl req -new -x509 -key privkey.key -out server.crt -days 1095

nginx的配置同上。

3、强制使用https访问的nginx的conf配置

server
{
listen 443;
listen 80;
server_name servername;
index index.html index.htm index.php;
root /web/test;
ssl on;
ssl_certificate /root/server.crt;
ssl_certificate_key /root/server.key;
error_page 497 “https://$host$uri?$args”;
}

或者
error_page 497 “https://$host$uri$is_args$args”;

Tags: , ,

Friday, April 16th, 2010 网站技术 No Comments

asp/php实现在http和https之间跳转

ASP:
以https开始,请在该ASP页面顶部添加如下代码:
<%
Response.Buffer = True
If (Request.ServerVariables(“HTTPS”) = “off”) Then
Dim xredir__, xqstr__
xredir__ = “https://” & Request.ServerVariables(“SERVER_NAME”) & _
Request.ServerVariables(“SCRIPT_NAME”)
xqstr__ = Request.ServerVariables(“QUERY_STRING”)
if xqstr__ <> “” Then xredir__ = xredir__ & “?” & xqstr__
Response.redirect xredir__
End if
%>
相反的,强迫以Http开始
<%
Response.Buffer = True
If (Request.ServerVariables(“HTTPS”) = “on”) Then
Dim xredir__, xqstr__
xredir__ = “http://” & Request.ServerVariables(“SERVER_NAME”) & _
Request.ServerVariables(“SCRIPT_NAME”)
xqstr__ = Request.ServerVariables(“QUERY_STRING”)
if xqstr__ <> “” Then xredir__ = xredir__ & “?” & xqstr__
Response.redirect xredir__
End if
%>

PHP:
如果网页使用https访问,在网页开头加入以下代码:

<?php

//http转化为https

if ($_SERVER["HTTPS"]<>”on”)

{   $xredir=”https://”.$_SERVER["SERVER_NAME"].

$_SERVER["REQUEST_URI"];   header(“Location: “.$xredir);

}

?>

如果网页使用http访问,在网页开头加入以下代码:

<?php

//https转化为http

if ($_SERVER["HTTPS"]==”on”)

{   $xredir=”http://”.$_SERVER["SERVER_NAME"].

$_SERVER["REQUEST_URI"];   header(“Location: “.$xredir);

}

?>

Tags: , ,

Sunday, December 27th, 2009 网站技术 No Comments