1、下载并安装openssl
下载该exe文件后,双击下一步傻瓜式安装
2、配置path环境变量
配置完成后,在cmd窗口执行"openssl version"命令,验证是否完成安装。
3、生成ssl私钥
bash
openssl genrsa -out D:\cert\private.key 2048
bash
openssl req -new -key D:\cert\private.key -out D:\cert\request.csr
4、生成ssl证书
bash
openssl x509 -req -in D:\cert\request.csr -signkey D:\cert\private.key -out D:\cert\certificate.crt -days 365
5、验证ssl证书
bash
openssl x509 -in D:\cert\certificate.crt -text -noout
6、nginx配置https
(1)将生成的证书文件拷贝到指定目录
(2)打开nginx.conf文件配置相关参数
bash
server {
listen 8080 ssl;
server_name 192.168.5.109;
ssl_certificate D:/Server/nginx-1.22.0/cert/certificate.crt;
ssl_certificate_key D:/Server/nginx-1.22.0/cert/private.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8765;
limit_conn perip 10;
limit_conn perserver 100;
limit_rate_after 100M;
limit_rate 10k;
proxy_redirect off ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 50m;
client_body_buffer_size 2560k;
proxy_connect_timeout 1;
proxy_send_timeout 300;
proxy_read_timeout 3000;
proxy_buffer_size 2560k;
proxy_buffers 4 2560k;
proxy_busy_buffers_size 2560k;
proxy_temp_file_write_size 2560k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
}
#若是http请求自动跳转到https,端口为公网地址端口
error_page 497 https://$host:8380$request_uri;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}