nginx自签证书生成及配置

生成证书

生成key

$ openssl genrsa -out www.zk.com.key 2048

生成csr

$ openssl req -new -key www.zk.com.key -out www.zk.com.csr

生成如下文件

www.zk.com.csr  www.zk.com.key

生成crt

$ openssl x509 -req -days 365 -in www.zk.com.csr -signkey www.zk.com.key -out www.zk.com.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd
Getting Private key

生成文件如下

www.zk.com.crt  www.zk.com.csr  www.zk.com.key

生成 pem

$ cat www.zk.com.crt www.zk.com.key > www.zk.com.pem
ls
www.zk.com.crt  www.zk.com.csr  www.zk.com.key  www.zk.com.pem

配置 nginx

upstream api {
    server localhost:3443;
}

server{
  listen 443 ssl;
  ssl_certificate /etc/nginx/ssl/www.zk.com.pem;
  ssl_certificate_key /etc/nginx/ssl/www.zk.com.key;
  #server_name www.zk.com;
  location / {
    proxy_pass  http://api;
  }       
}
server{
  listen 443 ssl;
  ssl_certificate /etc/nginx/ssl/www.ty.com.pem;
  ssl_certificate_key /etc/nginx/ssl/www.ty.com.key;
  #server_name www.ty.com;
  location / {
    proxy_pass  http://api;
  }       
}