给nginx部署https及自签名ssl证书

一、生成服务器root证书

bash 复制代码
openssl genrsa -out root.key 2048
openssl req -new -key root.key -out root.csr
    #Country Name (2 letter code) [XX]:---> CN
    #Country Name (2 letter code) [XX]:---> CN
    #State or Province Name (full name) []:---> Shanghai
    #Locality Name (eg, city) [Default City]:---> Shanghai
    #Organization Name (eg, company) [Default Company Ltd]:---> kahn commpany
    #Organizational Unit Name (eg, section) []:---> xou
    #Common Name (eg, your name or your server's hostname) []:---> kahn.com
    #Email Address []:---> 37213690@qq.com
    #A challenge password []:---> 回车
    #An optional company name []:---> 回车
openssl x509 -req -days 3650 -in root.csr -signkey root.key -out root.crt

二、生成SSL服务器证书

bash 复制代码
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
    #Country Name (2 letter code) [XX]:---> CN
    #State or Province Name (full name) []:---> Shanghai
    #Locality Name (eg, city) [Default City]:---> Shanghai
    #Organization Name (eg, company) [Default Company Ltd]:---> kahn commpany
    #Organizational Unit Name (eg, section) []:---> xou
    #Common Name (eg, your name or your server's hostname) []:---> kahn.com
    #Email Address []:---> 37213690@qq.com
    #A challenge password []:---> 回车
    #An optional company name []:---> 回车
openssl x509 -req -in server.csr -CA root.crt -CAkey root.key -CAcreateserial -out server.crt -days 3650

#会生成如下6个文件,其中server.*用于nginx

root.crt root.csr root.key root.srl server.crt server.csr server.key

三、部署证书到nginx

下面是一个测试通过的nginx.conf内容

bash 复制代码
user  nginx nginx;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    # HTTPS server
    server {
        listen       443 ssl;
        server_name  kahn.com;

        ssl_certificate      ../ssl-certs/server.crt;
        ssl_certificate_key  ../ssl-certs/server.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
           alias /data/www/;
           index index.html index.htm;
       }
    }
    include ../conf.d/*.conf;
}

主要看 # HTTPS server

server {

listen 443 ssl;

server_name x179.com;及以下内容。

值的注意的是,开启https是在http{}区域内部,并且和其他server{}同级。

四、验证ssl证书

bash 复制代码
openssl s_client -connect kahn.com:443
相关推荐
梁bk3 小时前
[Nginx]反向代理和负载均衡
运维·nginx·负载均衡
游戏开发爱好者86 小时前
iOS重构期调试实战:架构升级中的性能与数据保障策略
websocket·网络协议·tcp/ip·http·网络安全·https·udp
绝不偷吃11 小时前
FastDFS分布式储存
linux·nginx
java1234_小锋13 小时前
解释一下NGINX的反向代理和正向代理的区别?
运维·nginx
tmacfrank15 小时前
Android 网络全栈攻略(四)—— TCPIP 协议族与 HTTPS 协议
android·网络·https
2501_9160137416 小时前
iOS 多线程导致接口乱序?抓包还原 + 请求调度优化实战
websocket·网络协议·tcp/ip·http·网络安全·https·udp
PanZonghui21 小时前
Centos项目部署之Nginx 的安装与卸载
linux·nginx
charlee441 天前
nginx部署发布Vite项目
nginx·性能优化·https·部署·vite
2501_915921431 天前
Fiddler 中文版怎么配合 Postman 与 Wireshark 做多环境接口调试?
websocket·网络协议·tcp/ip·http·网络安全·https·udp
游戏开发爱好者81 天前
iOS App首次启动请求异常调试:一次冷启动链路抓包与初始化流程修复
websocket·网络协议·tcp/ip·http·网络安全·https·udp