# vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
# yum -y --enablerepo=nginx install nginx
# nginx -v
nginx version: nginx/1.14.0
# systemctl start nginx
# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
# yum update openssl openssl-devel openssl-libs
Package(s) openssl-devel available, but not installed.
No packages marked for update
# yum install openssl-devel
# cd /etc/nginx
# mkdir ssl
# openssl req -new -x509 -sha256 -newkey rsa:2048 -days 365 -nodes -out /etc/nginx/ssl/nginx.pem -keyout /etc/nginx/ssl/nginx.key
Generating a 2048 bit RSA private key
...................................................................................................................+++
...........................+++
writing new private key to '/etc/nginx/ssl/nginx.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:jp
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
# chown root:root -R /etc/nginx/ssl/
# chmod 600 /etc/nginx/ssl/*
# chmod 700 /etc/nginx/ssl
# cd /etc/nginx/conf.d
# vi default.conf
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
server {
listen 443 ssl;
ssl on;
server_name localhost;
ssl_certificate /etc/nginx/ssl/nginx.pem;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
