nginx-https
1.安装cfssl(如果已经安装,可以跳过这一步)
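# Download the three cfssl R1.2 binaries (cfssl, cfssljson, cfssl-certinfo).
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64

# These binaries end up in /usr/bin and will handle private keys, so check
# their integrity first: print the SHA-256 of each download and compare it
# with a checksum obtained from a trusted source before continuing.
sha256sum cfssl*

# Make the binaries executable. The original used "chmod -x", which removes
# the execute bit and leaves the tools unusable.
chmod +x cfssl*

# Strip the "_linux-amd64" suffix so the tools are named cfssl, cfssljson
# and cfssl-certinfo.
for x in cfssl*; do
    mv -- "$x" "${x%_linux-amd64}"
done

# Install system-wide (requires root).
mv cfssl* /usr/bin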
2.生成证书
先创建json文件(保存为 oo.json,供下面的 cfssl 命令使用)
{
"CN": "10.211.55.62",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [{
"C": "CN",
"ST": "beijing",
"L": "beijing",
"O": "od",
"OU": "ops"
}]
}
# Generate a self-signed root CA from the CSR definition in oo.json.
# "cfssljson -bare ca" writes ca.pem (certificate), ca-key.pem (private key)
# and ca.csr into the current directory.
# NOTE(review): the private key should be readable by root only
# (e.g. chmod 600 ca-key.pem).
# NOTE(review): -initca produces a CA certificate. The nginx config below
# serves it directly as the site certificate, which puts the CA signing key
# on the web server. A safer layout keeps the CA key offline and issues a
# separate server certificate that lists the server address in its
# hosts/SAN field.
# NOTE(review): the CN in oo.json is 10.211.55.62, while nginx uses
# server_name 10.211.55.66. Confirm which address clients connect to, or
# they will get a name-mismatch error.
cfssl gencert -initca oo.json | cfssljson -bare ca
修改nginx.conf
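http {
    # Plain-HTTP virtual host.
    server {
        listen 80;
        server_name 10.211.55.66;
        root /usr/share/nginx/html;
        # NOTE(review): this listener still serves content unencrypted. If all
        # traffic should use TLS, replace "root" above with:
        #   return 301 https://$host$request_uri;
    }

    # HTTPS virtual host.
    server {
        # "listen ... ssl" replaces the standalone "ssl on;" directive, which
        # is deprecated and rejected by current nginx releases.
        listen 443 ssl;
        server_name 10.211.55.66;
        root html;
        index index.html index.htm;

        # Certificate and private key generated with cfssl.
        # NOTE(review): "cfssljson -bare ca" names the key ca-key.pem, so this
        # path assumes the key was copied or renamed to ca.key. Confirm that,
        # and keep the key file readable by root only.
        # NOTE(review): ca.pem is a CA certificate whose CN is 10.211.55.62,
        # not this server_name. Prefer a dedicated server certificate that
        # carries this address in its SAN.
        ssl_certificate /etc/ssl/ca.pem;
        ssl_certificate_key /etc/ssl/ca.key;

        ssl_session_timeout 5m;

        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and have been dropped.
        # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1; remove
        # it on older builds.
        ssl_protocols TLSv1.2 TLSv1.3;

        # Forward-secret AEAD suites only. The original list also admitted
        # static-ECDH, plain-RSA key exchange and CBC-mode suites through the
        # broad "ECDH:AES:HIGH" aliases.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        location / {
            root html;
            index index.html index.htm;
        }
    }
}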