OpenSSL创建自签名证书
openssl req -sha256 -newkey rsa:2048 -nodes -keyout agsenterprise.key -x509 -days 3650 -out agsenterprise.crt -config /usr/local/etc/openssl@1.1/openssl.cnf -extensions v3_req
Common Name填写你要访问的域名地址
(OpenSSL创建的自签名证书在chrome端无法信任) 修改openssl.cnf文件
[ req ]
req_extensions = v3_req # The extensions to add to a certificate request
[ v3_req ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = chenfengami.com
nginx配置
server {
listen 80;
listen 443 ssl;
ssl_certificate test/agsenterprise.crt;
ssl_certificate_key test/agsenterprise.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server_name chenfengami.com;
location / {
proxy_pass http://127.0.0.1:3000/;
}
}
将生成crt文件拖入并且添加信任
