nginx 配置 自签名https证书

1. 下载 mkcert
https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-windows-amd64.exe
2. 执行
 .\mkcert.exe aa.com.cn
会生成  

?

1	aa-key.pem

?

1

aa.pem

3. nginx配置

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83

#user  nobody; worker_processes  1;   #error_log  logs/error.log; #error_log  logs/error.log  notice; #error_log  logs/error.log  info;   #pid        logs/nginx.pid;     events {     worker_connections  10240; }     http {     server_names_hash_bucket_size 64; # 增加 server_names_hash_bucket_size 的大小     include       mime.types;     default_type  application/octet-stream;           ## 用户的 IP 地址 Sbinary remote addr 作为 ey，每个 IP 地址最多有 50 个并发连接# 你想开 几千个连接 刷死我? 超过 50 个连接，直接返回 503 错误给你，根本不处理你的请求了     limit_conn_zone $binary_remote_addr zone=TotalConnLimitZone:100m;     limit_conn TotalConnLimitZone 65535;     limit_conn_log_level notice;     ##用户的 IP 地 sbinary remote addr 作为 Key     ## 你想用程序每秒几百次的刷我，没戏，再快了就不处理了，直接返回 503 错误给你     limit_req_zone $binary_remote_addr zone=ConnLimitZone:100m rate=1000r/s;     limit_req_log_level notice;       #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '     #                  '$status $body_bytes_sent "$http_referer" '     #                  '"$http_user_agent" "$http_x_forwarded_for"';       #access_log  logs/access.log  main;       sendfile        on;     #tcp_nopush     on;       #keepalive_timeout  0;     keepalive_timeout  90;       #gzip  on;             #aa.com.cn     upstream aa_upstream {         server 192.168.10.176:443;     }       server {         listen 80;         server_name kfsvn.lynxons.com.cn;           location / {             proxy_pass https://kfsvn_upstream;             proxy_set_header Host $host;         }           error_page 500 502 503 504 /50x.html;         location = /50x.html {             root html;         }     }      server {         listen 443 ssl;         server_name aa.com.cn;           ssl_certificate "D:/Program Files/nginx-1.24.0/aa.pem";         ssl_certificate_key  "D:/Program Files/nginx-1.24.0/aa-key.pem";         location / {             proxy_pass https://aa_upstream;             proxy_set_header Host $host;         }           error_page 500 502 503 504 /50x.html;         location = /50x.html {             root html;         }     }   }