Generating a certificate and configuring HTTPS for Nginx

I. Install Nginx with OpenSSL support
1. Install perl-Digest-SHA1.x86_64
yum install perl-Digest-SHA1.x86_64
2. Install Nginx (configure the build with the SSL module)
./configure --prefix=/usr/local/nginx --with-http_ssl_module
3. Compile and install with make
make && make install
II. Generate the certificate
1. Create the certificate directory
mkdir -p /usr/local/nginx/cert
2. Create the server private key file server.key
openssl genrsa -des3 -out server.key 2048
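This command prompts for a pass phrase and then asks you to confirm it. Choose any pass phrase you like, but remember it, because it is needed in later steps.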
----------------------------------------------------------------------------------
Generating RSA private key, 2048 bit long modulus
........+++
....+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
----------------------------------------------------------------------------------
3. Create the certificate signing request file server.csr
openssl req -new -key server.key -out server.csr

The command prompts as follows:

Enter pass phrase for server.key: ← enter the pass phrase created earlier
Country Name (2 letter code) [AU]:CN ← country code; enter CN for China
State or Province Name (full name) [Some-State]:ZHEJIANG ← full province name, in pinyin
Locality Name (eg, city) []:HANGZHOU ← full city name, in pinyin
Organization Name (eg, company) [Internet Widgits Pty Ltd]:xxxunit ← company name in English
Organizational Unit Name (eg, section) []: ← may be left blank
Common Name (eg, YOUR name) []:xxx.bg.com ← enter the domain name, e.g. iot.conet.com
Email Address []:xxx@bg.com ← e-mail address; any value will do
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ← may be left blank
An optional company name []: ← may be left blank
4. Back up the server key file
cp server.key server-bak.key
5. Remove the pass phrase from the key file
openssl rsa -in server-bak.key -out server.key
6. Generate the certificate file server.crt
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
---------------------------------------------------------------------------------
Signature ok
subject=/C=cn/ST=cn/L=cn/O=cn/OU=cn/CN=aura.haier.com
Getting Private key
----------------------------------------------------------------------------------
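The steps above can be run without prompts and the result checked before nginx is pointed at the files. The script below is an added example, not part of the original post: the function names, the directory argument and the sample host name are assumptions, and it goes beyond the steps above by adding a subjectAltName and restricting the key file's permissions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, the directory
# argument and the sample host name are assumptions made for illustration.

# make_cert DIR HOST: the key -> CSR -> self-signed certificate steps above,
# without prompts. Writes DIR/server.key, DIR/server.csr and DIR/server.crt.
make_cert() {
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    # The key is stored unencrypted (the state after the pass phrase is
    # removed), so create it readable by its owner only.
    ( umask 077 && openssl genrsa -out "$dir/server.key" 2048 ) 2>/dev/null || return 1
    openssl req -new -key "$dir/server.key" -subj "/C=CN/CN=$host" \
        -out "$dir/server.csr" || return 1
    # Clients match the host name against subjectAltName rather than the CN,
    # and x509 -req does not copy CSR extensions by default, so supply it here.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -days 3650 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -extfile "$dir/san.ext" \
        -out "$dir/server.crt" 2>/dev/null || return 1
}

# key_matches_cert KEY CRT: true only if CRT carries the public key of KEY.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# key_is_private FILE: true only if group and others have no permission bits.
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# cert_has_san CRT HOST: true if the certificate lists HOST as a DNS SAN.
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -qF "DNS:$2"
}

# check_pair DIR HOST: run all checks on the files nginx will load.
check_pair() {
    key_matches_cert "$1/server.key" "$1/server.crt" || { echo "key/cert mismatch"; return 1; }
    key_is_private "$1/server.key" || { echo "server.key is readable by others"; return 1; }
    cert_has_san "$1/server.crt" "$2" || { echo "no SAN for $2"; return 1; }
    openssl x509 -in "$1/server.crt" -noout -checkend 0 >/dev/null || { echo "expired"; return 1; }
    echo "ok"
}
```

Running key_is_private against server-bak.key as well shows whether the backup copy of the key is readable by other users.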
III. Configure nginx.conf
vi /usr/local/nginx/conf/nginx.conf
----------------------------------------------------------------------------------

worker_processes  1;
worker_rlimit_nofile 65535;
events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    upstream myspring {
        server 192.168.160.21:80 weight=1;
        server 192.168.160.22:80 weight=1;
    }

    server {
        listen       80;
        server_name  192.168.160.11;

        location / {
            proxy_pass          http://myspring;
            proxy_read_timeout  30;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    # HTTPS server block
    server {
        listen       443 ssl;
        # server_name takes a space-separated list of names, not a comma-separated one
        server_name  192.168.160.11 adc.adbc.com;
        # Enable SSL (the "ssl" parameter on listen replaces the older "ssl on;" directive)
        #ssl     on;
        ssl_certificate      /usr/local/nginx/cert/server.crt;
        ssl_certificate_key  /usr/local/nginx/cert/server.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is offered
        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass          http://myspring;
            proxy_read_timeout  30;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
---------------------------------------------------------------------------------
 
posted @ 永兴万人迷-大吉