• Setting up HTTPS on Nginx


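    PS: For internal testing, a certificate generated with openssl is used; for production use, a certificate needs to be purchased.

    1. Create the SSL certificate

    1.1 Create the private key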

    [root@VM-16-15-centos ~]# cd /usr/local/nginx/
    [root@VM-16-15-centos nginx]# mkdir ssl
    [root@VM-16-15-centos nginx]# cd ssl/
    [root@VM-16-15-centos ssl]# openssl genrsa -des3 -out admin.key 2048
    Generating RSA private key, 2048 bit long modulus
    ..................+++
    ........................................................................................................+++
    e is 65537 (0x10001)
    Enter pass phrase for admin.key:  [123456]
    Verifying - Enter pass phrase for admin.key:  [123456]
    
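    • -des3: encrypt the private key with des3 (Triple DES)
    • -out: the file to save the key to
    • 2048: the key size; 2048 is the default choice

    1.2 Generate the CSR (certificate signing request)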

    [root@VM-16-15-centos ssl]# openssl req -new -key admin.key -out admin.csr
    Enter pass phrase for admin.key: [123456]
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
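    # Normally you enter the country, state/province, city, organization and organizational unit in turn; this setup is for intranet use, so just press Enter for every field;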
    Country Name (2 letter code) [XX]: 
    State or Province Name (full name) []:
    Locality Name (eg, city) [Default City]:
    Organization Name (eg, company) [Default Company Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:
    Email Address []:
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    
    • -new: generate a new certificate signing request

    1.3 Remove the passphrase from the key

    [root@VM-16-15-centos ssl]# openssl  rsa -in admin.key -out admin.key 
    Enter pass phrase for admin.key: [123456]
    writing RSA key
    
    • -in: path of the input file, here the encrypted key

    1.4 Generate the self-signed certificate

    [root@VM-16-15-centos ssl]# openssl  x509 -req -days 365 -in admin.csr -signkey admin.key -out admin.crt
    Signature ok
    subject=/C=XX/L=Default City/O=Default Company Ltd
    Getting Private key
    
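    • x509: defines the certificate format (X.509)
    • -days: validity period of the certificate, in days; the default is 365 days
    • -signkey: self-sign the certificate with the given private key

    1.5 Generate the public certificate in PEM format

    PS: Some services can only load a certificate properly when it is in PEM format;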

    [root@VM-16-15-centos ssl]# openssl x509 -in admin.crt  -out admin.pem -outform PEM
    [root@VM-16-15-centos ssl]# ls
    admin.crt  admin.csr  admin.key  admin.pem
    

    2. Modify the Nginx configuration file

    [root@VM-16-15-centos ~]# cd /usr/local/nginx/conf/
    [root@VM-16-15-centos conf]# vim nginx.conf
    ......
    # Find the HTTPS section in the configuration file, uncomment it and point it at the paths of the SSL certificate created above;
      # HTTPS server
    
        server {
    
            listen       443 ssl;
            server_name  localhost;
    
            ssl_certificate      /usr/local/nginx/ssl/admin.pem;
            ssl_certificate_key  /usr/local/nginx/ssl/admin.key;
    
        #    ssl_session_cache    shared:SSL:1m;
        #    ssl_session_timeout  5m;
    
        #    ssl_ciphers  HIGH:!aNULL:!MD5;
        #    ssl_prefer_server_ciphers  on;
    
            location / {
                root   html;
                index  index.html index.htm index.php;
            }
    
            location ~ \.php$ {
                root           html;
                fastcgi_pass   10.0.16.15:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                include        fastcgi_params;
            }
        }
    
    ......
    [root@VM-16-15-centos conf]# systemctl  restart nginx
    

    Test access:
    [screenshot]
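
A pre-restart check for the files produced in steps 1.1 to 1.5, as an added example that is not part of the original post. It assumes the openssl CLI and GNU stat (as on CentOS); `check_tls_pair` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: sanity checks for the admin.pem / admin.key pair before
# restarting nginx. Assumes the openssl CLI and GNU stat are available.

# check_tls_pair CERT KEY [MIN_DAYS]   (hypothetical helper)
# Returns 0 if the pair is safe to load, non-zero (with a reason) otherwise.
check_tls_pair() {
    cert=$1 key=$2 min_days=${3:-30}

    # Step 1.3 leaves the key unencrypted on disk, so file permissions are
    # its only protection: no group/other access bits are allowed.
    mode=$(stat -c '%a' "$key") || return 2
    case $mode in
        *00|0) ;;
        *) echo "FAIL: $key has mode $mode, expected 600 or stricter" >&2
           return 3 ;;
    esac

    # The key must load without a passphrase prompt (an empty -passin makes
    # an encrypted key fail instead of blocking), and its public half must
    # equal the public key embedded in the certificate.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "FAIL: $key is unreadable or still passphrase-protected" >&2
        return 4
    }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: $cert is not a readable X.509 certificate" >&2
        return 5
    }
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: $cert was not issued for $key" >&2
        return 6
    fi

    # A certificate created with -days 365 expires a year later.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: $cert expires within $min_days days" >&2
        return 7
    fi
    echo "OK: $cert and $key match"
}

# Typical use with the paths from this page, followed by a config test:
#   check_tls_pair /usr/local/nginx/ssl/admin.pem /usr/local/nginx/ssl/admin.key \
#       && nginx -t && systemctl restart nginx
```

Running `nginx -t` before the restart catches a wrong path or syntax error in nginx.conf while the old configuration is still serving.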

  • Original article: https://blog.csdn.net/weixin_45191791/article/details/126662692