一、#openssl req -new -nodes -keyout server.key -out server.csr

二、用 server.csr 去申请 SSL 证书（免费的SSL证书服务商http://www.startssl.com）

三、将SSL证书服务商提供的密文保存至 server.crt

四、将 server.key 和 server.crt 文件上传至 nginx/conf 目录

五、配置 nginx 配置文件

a)强制从 HTTP 跳转至 HTTPS

    server {
        listen       80;
        server_name  ssl.nt00.com;
        rewrite ^/(.*)$ https://ssl.nt00.com/$1;
    }

b)配置 HTTPS

    server {
        listen       443;
        server_name  ssl.nt00.com;
        root   /www/ssl.nt00.com;

        ssl                  on;
        ssl_certificate      server.crt;
        ssl_certificate_key  server.key;

        ssl_session_timeout  5m;

        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        location / {
            index  index.html index.php;
        }
        location ~ \.php($|/) {
            fastcgi_pass            unix:/tmp/php-fpm.socket;
            fastcgi_split_path_info ^(.+\.php)(.*)$;
            include                 fastcgi.conf;
        }
    }