nginx_https 添加ssl

0x00         自行颁发不受浏览器信任的SSL证书

1.生成一个RSA密钥 
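# Use at least 2048 bits: 1024-bit RSA is no longer considered secure and may
# be rejected by current TLS libraries. (The sample session further down was
# recorded with the original 1024-bit value.)
openssl genrsa -des3 -out yangiq.key 2048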
2.拷贝一个不需要输入密码的密钥文件
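# The copy carries no passphrase, so file permissions are its only protection.
# The subshell umask makes the file owner-only from the moment it is created.
( umask 077 && openssl rsa -in yangiq.key -out yangiq_nopass.key )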
3.生成一个证书请求
# Create the certificate request; openssl prompts for the subject fields and,
# because yangiq.key is encrypted, for its passphrase.
openssl req -new -out yangiq.csr -key yangiq.key

第3个命令是生成证书请求,会提示输入省份、城市、域名信息等,重要的是,email一定要是你的域名后缀的(也可不要)。这样就有一个 csr 文件了,提交给 ssl 提供商的时候就是这个 csr 文件。当然我这里并没有向证书提供商申请,而是在第4步自己签发了证书
4.自己签发证书
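# Self-sign the request for 365 days. -sha256 pins the signature digest so an
# older OpenSSL build, whose default may still be SHA-1, does not pick it.
openssl x509 -req -sha256 -days 365 -in yangiq.csr -signkey yangiq.key -out yangiq.crt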

[root@client-142-11-227-141 http]# pwd
/home/http
[root@client-142-11-227-141 http]# openssl genrsa -des3 -out yangiq.key 1024
Generating RSA private key, 1024 bit long modulus
..................................++++++
...............................++++++
e is 65537 (0x10001)
Enter pass phrase for yangiq.key: 输入密码  
Verifying - Enter pass phrase for yangiq.key: 再次输入密码

  

0x01      编辑配置文件nginx.conf,给站点加上HTTPS协议

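# HTTPS virtual host that serves the built front-end with the self-signed
# certificate generated in section 0x00.
server {
    server_name YOUR_DOMAINNAME_HERE;
    # "listen ... ssl" replaces the separate "ssl on;" directive, which has
    # been deprecated since nginx 1.15.0 and was removed in 1.25.1.
    listen 443 ssl;
    # Offer only TLS 1.2 and 1.3. Drop TLSv1.3 from this line if the installed
    # nginx/OpenSSL build is too old to know it.
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): the sample session above ran in /home/http, while these
    # paths use /home/https -- make sure they point at the real files.
    ssl_certificate /home/https/yangiq.crt;
    ssl_certificate_key /home/https/yangiq_nopass.key;
    # If ssl_certificate_key pointed at yangiq.key instead, nginx would ask
    # for the key passphrase on every start. The passphrase-free copy is
    # protected by file permissions alone, so keep it readable only by the
    # user that starts nginx.

    # Static front-end; unknown paths fall back to /index.html.
    location / {
        try_files $uri $uri/ /index.html;
        root /home/gy/front_web/dist;
        # NOTE(review): autoindex publishes a listing of every directory that
        # has no index file; set it to "off" unless that is intended.
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }

    # Proxy template: 443/api/ -> http://172.20.16.214:9527/api/
    # NOTE(review): keep only one of the two Connection headers when enabling
    # a template -- "" for upstream keep-alive, "upgrade" for WebSocket.
    #location /api/ {
    #    proxy_http_version 1.1;
    #    proxy_read_timeout 30s;
    #    proxy_set_header Host $http_host;
    #    proxy_set_header Connection "";
    #    proxy_set_header X-Real-IP $remote_addr;
    #    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #    proxy_set_header Upgrade $http_upgrade;
    #    proxy_set_header Connection "upgrade";
    #    proxy_pass http://172.20.16.214:9527/api/;
    #}

    # Proxy template for /sjtc/. The original listing left the "location"
    # line active while its body and closing brace were commented out, which
    # unbalanced the braces; the whole template is commented out here.
    #location /sjtc/ {
    #    proxy_http_version 1.1;
    #    proxy_read_timeout 30s;
    #    proxy_set_header Host $http_host;
    #    proxy_set_header Connection "";
    #    proxy_set_header X-Real-IP $remote_addr;
    #    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #    proxy_set_header Upgrade $http_upgrade;
    #    proxy_set_header Connection "upgrade";
    #    proxy_pass http://192.168.10.223:9002/sjtc/;
    #    # server http://10.194.89.102:9527/api/ weight=10;
    #}
}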
0x02    nginx 重启
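# Validate the configuration first so a syntax error does not take the site
# down; the restart only runs when "nginx -t" succeeds.
nginx -t && service nginx restart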


参考:https://www.linuxidc.com/Linux/2013-08/88271.htm
