生成 SSL 证书
生成私钥:
bash
复制代码
openssl genpkey -algorithm RSA -out privateKey.pem -pkeyopt rsa_keygen_bits:2048
生成证书签名请求 (CSR):
bash
复制代码
openssl req -new -key privateKey.pem -out certificate.csr
生成自签名证书:
bash
复制代码
openssl x509 -req -days 365 -in certificate.csr -signkey privateKey.pem -out certificate.crt
配置 Nginx 代理
bash
复制代码
server {
listen 8080;
listen 443 ssl;
server_name localhost;
ssl_certificate certificate.crt;
ssl_certificate_key privateKey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://keycloak.demofor.cn:8080;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http://$scheme://;
}
}