nginx配置ssl证书
一、使用openssl生成自签名证书(由自建CA签发,浏览器默认不信任,适合测试或内网使用)
- 在nginx安装目录下创建存放证书目录:
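# Create the certificate directory, accessible only to its owner because it
# will hold the server's private key. -p makes the step safe to repeat.
# The openssl commands in this guide write to the current directory, so run
# them from inside ssl/.
mkdir -p -m 700 ssl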
- openssl生成证书:
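# Generate the server's private key: 2048-bit RSA, passphrase-protected for now.
openssl genrsa -des3 -out server.key 2048
# Strip the passphrase so nginx can load the key without prompting at startup.
# The key is then stored unencrypted, so restrict the file to its owner.
openssl rsa -in server.key -out server.key
chmod 600 server.key
# Generate a separate key for the CA. Signing with server.key would mean that
# anyone who obtains the web server's key can issue certificates accepted by
# every client that trusts ca.crt. The CA key keeps its passphrase and does
# not need to be stored on the web server.
openssl genrsa -aes256 -out ca.key 2048
chmod 600 ca.key
# Create the self-signed CA certificate (used to sign server.csr below).
# Give the CA a different subject name than the server certificate.
openssl req -new -x509 -key ca.key -out ca.crt -days 3650
# Create the certificate signing request for the server key.
openssl req -new -key server.key -out server.csr
# Issue the server certificate from the CSR, signed by the CA.
# NOTE: as written the certificate carries no subjectAltName, which current
# browsers and many TLS libraries require in order to match the host name;
# supply one through -extfile/-extensions if clients must validate the name.
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt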
二、nginx配置ssl证书:
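# HTTPS virtual host that terminates TLS and forwards requests to a local backend.
server {
    listen 443 ssl;                                   # HTTPS listening port
    server_name localhost;                            # host name this server block answers for
    ssl_certificate     /etc/nginx/ssl/server.crt;    # the generated certificate
    ssl_certificate_key /etc/nginx/ssl/server.key;    # its private key (keep owner-readable only)
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 30m;
    # Offer only TLS 1.2 and 1.3; older nginx releases still enable
    # TLS 1.0/1.1 by default when this directive is absent.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # Backend address and port. Port 80 normally speaks plain HTTP, so the
        # scheme is http://; the original https:// would attempt a TLS handshake
        # against it. If the backend really terminates TLS, use https:// and
        # turn on proxy_ssl_verify with proxy_ssl_trusted_certificate, because
        # nginx does not verify upstream certificates by default.
        proxy_pass http://localhost:80;
        # $http_host is the Host header exactly as the client sent it; the
        # backend should not rely on it for access decisions or link building.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends the peer address to any X-Forwarded-For the client supplied,
        # so only the last entry is set by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
    }
}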
参考文章:https://blog.csdn.net/u010734213/article/details/133202982