文章目录
安装证书工具
curl 'http://pan.itshine.cn:5080/?explorer/share/fileOut\&shareID=64h6PiQQ\&path={shareItemLink%3A64h6PiQQ}%2F工具%2Fmkcert' > './mkcert'
chomd +x mkcert && cp mkcert /bin
安装根证书
mkcert -install
生成域名证书
mkcert 192.168.10.174
后面的IP地址必须是自己的IP地址或者是你的机器的nginx 一个虚拟主机server一个域名。
会有二个文件生产
- 192.168.10.174.pem 包含公钥的证书,经过自签发了。
- 192.168.10.174.key.pem 私钥
配置
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name _;
root /usr/share/nginx/html;
# 公钥证书,改成你自己的证书绝对路径
ssl_certificate "/etc/nginx/ssl/192.168.10.42.pem";
# 私钥 ,改成自己绝对路径
ssl_certificate_key "/etc/nginx/ssl/192.168.10.42-key.pem";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}重新启动访问
转发 ssl的请求到http请求
location /
{
# 改成你要代理到的http服务器,
proxy_pass http://127.0.0.1:8087/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-Proto https;
proxy_http_version 1.1;
# proxy_hide_header Upgrade;
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
set $static_fileJKcauNzk 0;
if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
{
set $static_fileJKcauNzk 1;
expires 1m;
}
if ( $static_fileJKcauNzk = 0 )
{
add_header Cache-Control no-cache;
}
} 将上述文字复制到 刚才虚拟主机当中。