ssl

mkdir /usr/local/openresty/nginx/conf/ssl 

cd /usr/local/openresty/nginx/conf/ssl 

openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr -subj "/C=CN/ST=Gd/L=SZ/O=od.com/CN=harbor.od.com"
openssl x509 -req -in server.csr -out server.crt -signkey server.key -days 3650

服务一：静态站点

mkdir /var/www/html -p
echo 80 >/var/www/html/index.html

服务二：反向代理站点

python3 -m http.server &

• 场景1

  # /usr/local/openresty/nginx/conf/ssl.conf
  worker_processes  1;
  
  events {
      worker_connections  1024;
  }
  
  
  http {
      include       mime.types;
      default_type  application/octet-stream;
      
      server {
          listen 80;
          server_name harbor.od.com;
          return 301 https:$server_name$request_uri;
      }
  
      server {
          listen 443 ssl;
          server_name harbor.od.com;
          root /var/www/html;
  
          ssl_certificate ssl/server.crt;
          ssl_certificate_key ssl/server.key;
      }
  }
  

  /usr/local/openresty/nginx/sbin/nginx -c /usr/local/openresty/nginx/conf/ssl.conf -t 
  

• 场景2

  # /usr/local/openresty/nginx/conf/ssl.conf
  worker_processes  1;
  
  events {
      worker_connections  1024;
  }
  
  
  http {
      include       mime.types;
      default_type  application/octet-stream;
      
      server {
          listen 80;
          server_name harbor.od.com;
          return 301 https:$server_name$request_uri;
      }
  
      server {
          listen 443 ssl;
          server_name harbor.od.com;
          root /var/www/html;
  
          ssl_certificate ssl/server.crt;
          ssl_certificate_key ssl/server.key;
      }
      server {
          listen 8080;
          server_name harbor.od.com;
          return 301 https:$server_name:1443$request_uri;
      }
  
      server {
          listen 1443 ssl;
          server_name harbor.od.com;
  
          ssl_certificate ssl/server.crt;
          ssl_certificate_key ssl/server.key;
          location / {
          	proxy_pass http://127.0.0.1:8000;
          }
      }
  }
  

• 场景3

  # /usr/local/openresty/nginx/conf/ssl.conf
  worker_processes  1;
  
  events {
      worker_connections  1024;
  }
  
  
  http {
      include       mime.types;
      default_type  application/octet-stream;
      
      server {
          listen 80;
          server_name harbor.od.com;
          return 301 https:$server_name$request_uri;
      }
  
      server {
          listen 443 ssl;
          server_name harbor.od.com;
  
  
          ssl_certificate ssl/server.crt;
          ssl_certificate_key ssl/server.key;
          location / {
          	root /var/www/html;
          }
  		location /api {
          	proxy_pass http://127.0.0.1:8000;
          }
      }
  }
  

免费的ssl证书 https://linuxiac.com/zerossl-how-to-install-ssl-certificate/