1、下载 OpenResty - 下载
根据自己系统选择下载,我的是64位
2、解压到目录
3、启动openresty
进入解压后的目录,执行nginx.exe
浏览器输入 http://localhost 查看是否正常。显示以下画面就表示没有问题。
接下来可以开始准备动态安装证书
4、使用openssl-win64生成测试证书(待补充)
openssl 下载地址。 也可以使用csdn下载
5、进入conf目录,编辑nginx.conf
bash
#增加ssl server配置
server {
listen 443 ssl;
server_name localhost;
ssl_certificate cert/server.crt;
ssl_certificate_key cert/server.key;
ssl_certificate_by_lua_file conf\cert\ssl.lua;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}6、编写ssl.lua , 放到conf/cert下
Lua
local ssl = require "ngx.ssl"
-- 清除之前设置的证书和私钥
local ok, err = ssl.clear_certs()
if not ok then
ngx.log(ngx.ERR, "failed to clear existing (fallback) certificates")
return ngx.exit(ngx.ERROR)
end
-- 获取证书内容,比如 io.open("my.crt"):read("*a")
local cert_data, err
cert_data = io.open("conf\\cert\\localhost.crt"):read("*a")
if not cert_data then
ngx.log(ngx.ERR, "failed to get PEM cert: ", err)
return
end
-- 解析出 cdata 类型的证书值,你可以用 lua-resty-lrucache 缓存解析结果
local cert, err = ssl.parse_pem_cert(cert_data)
if not cert then
ngx.log(ngx.ERR, "failed to parse PEM cert: ", err)
return
end
local ok, err = ssl.set_cert(cert)
if not ok then
ngx.log(ngx.ERR, "failed to set cert: ", err)
return
end
local pkey_data, err
pkey_data = io.open("conf\\cert\\localhost.key"):read("*a")
if not pkey_data then
ngx.log(ngx.ERR, "failed to get DER private key: ", err)
return
end
local pkey, err = ssl.parse_pem_priv_key(pkey_data)
if not pkey then
ngx.log(ngx.ERR, "failed to parse pem key: ", err)
return
end
local ok, err = ssl.set_priv_key(pkey)
if not ok then
ngx.log(ngx.ERR, "failed to set private key: ", err)
return
end