生成证书
生成key
$ openssl genrsa -out www.zk.com.key 2048
生成csr
$ openssl req -new -key www.zk.com.key -out www.zk.com.csr
生成如下文件
www.zk.com.csr www.zk.com.key
生成crt
$ openssl x509 -req -days 365 -in www.zk.com.csr -signkey www.zk.com.key -out www.zk.com.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd
Getting Private key
生成文件如下
www.zk.com.crt www.zk.com.csr www.zk.com.key
生成 pem
$ cat www.zk.com.crt www.zk.com.key > www.zk.com.pem
ls
www.zk.com.crt www.zk.com.csr www.zk.com.key www.zk.com.pem
配置 nginx
upstream api {
server localhost:3443;
}
server{
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/www.zk.com.pem;
ssl_certificate_key /etc/nginx/ssl/www.zk.com.key;
#server_name www.zk.com;
location / {
proxy_pass http://api;
}
}
server{
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/www.ty.com.pem;
ssl_certificate_key /etc/nginx/ssl/www.ty.com.key;
#server_name www.ty.com;
location / {
proxy_pass http://api;
}
}