#关闭防火墙

chkconfig iptables off

service iptables stop

#关闭SELINUX

sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

setenforce  

#上传openresty_auto_install到 /usr/local/software

mkdir /usr/local/software

cd  /usr/local/software/openresty_auto_install

#更新包

yum update -y

yum install -y ghostscript unzip wget gcc gcc-c++ cmake make gcc-g77 autoconf automake zlib* fiex* libxml* ncurses-devel libmcrypt* libtool-ltdl-devel* make cmake perl bison ntpdate readline-devel pcre-devel openssl-devel tcl perl make g++ libtool autoconf automake imake mysql-devel libxml2-devel expat-devel

#调对时钟

ntpdate stdtime.gov.hk

ntpdate cn.pool.ntp.org

tar zxvf ngx_openresty-1.7.7.1.tar.gz

cd ngx_openresty-1.7.7.1

./configure --prefix=/usr/local/openresty --with-http_stub_status_module --with-http_gzip_static_module --with-luajit --with-http_ssl_module

make && make install

\cp  /usr/local/software/openresty_auto_install/nginx /etc/rc.d/init.d/nginx

chmod  /etc/rc.d/init.d/nginx

chkconfig nginx on

#配置conf

vi /usr/local/openresty/nginx/conf/nginx.conf

server {

 listen ;

 ssl on;

 ssl_certificate /usr/local/openresty/nginx/conf/server.crt;

 ssl_certificate_key /usr/local/openresty/nginx/conf/server_nopwd.key;

}

#cd到目录

cd /usr/local/openresty/nginx/conf

cd到目录

#cd /usr/local/nginx/conf

创建服务器私钥

openssl genrsa -des3 -out server.key 

签名请求的证书

openssl req -new -key server.key -out server.csr

注意此步骤过程中需要填写一系列的东西（公司名称、所在地等按照实际情况填）

尤其注意 your server' hostname的填写，如果没有域名就直接填ip，如果有域名就填域名（都不需要端口号）

例如：

直接填ip：  61.155.86.78

域名： api.trewanyg.com

模糊域名：  * .trewanyg.com

制作解密后的私钥

openssl rsa -in server.key -out server_nopwd.key

openssl x509 -req -days  -in server.csr -signkey server_nopwd.key -out server.crt

拷贝证书文件

cp /usr/local/openresty/nginx/conf/server.crt /usr/local/openresty/nginx/html/

进入nginx的sbin目录，启动nginx

service nginx restart

进入nginx主页查看

https://10.10.6.213