1、环境设置
这次是在windows环境下实现的,linux环境下步骤差不多
openssl的windows版本
下载地址: http://slproweb.com/products/Win32OpenSSL.html
(请选择仍在维护的 OpenSSL 版本;下文证书路径中出现的 0.9.8k 早已停止维护。下载后请核对安装包的校验值。)
Nginx的windows版本
下载地址: http://nginx.org/en/download.html
网站使用python的tornado框架
2、openssl创建证书
1. 创建私钥

openssl genrsa -des3 -out lifes.key 1024

输入密码后,再次重复输入确认密码。记住此密码,后面会用到。

注意:1024 位 RSA 密钥的强度已经不足,只适合本地演示;实际使用时请把命令末尾的位数改为 2048 或更高。

2. 创建csr证书(证书签名请求)

openssl req -new -key lifes.key -out lifes.csr

bin文件夹内出现两个文件:lifes.key、 lifes.csr

3. 去除密码

Nginx加载带口令的私钥时,每次启动都需要输入密码,因此这里把私钥的口令去除

复制lifes.key并重命名为lifes.key.org

可以使用此命令行,也可以使用鼠标操作: copy lifes.key lifes.key.org

去除口令,在命令行中执行此命令: openssl rsa -in lifes.key.org -out lifes.key

注意:去除口令后的 lifes.key 是明文私钥,应限制该文件的访问权限,只允许运行 nginx 的账户读取,不要放在网站目录下,也不要提交到代码仓库。

4. 生成crt证书

openssl x509 -req -days 365 -in lifes.csr -signkey lifes.key -out lifes.crt

这一步生成的是自签名证书,浏览器访问时会提示证书不受信任,只适合测试环境;正式站点应使用受信任的 CA 签发的证书。
3、搭建webapp
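# -*- coding: utf-8 -*-
"""Minimal Tornado application meant to run behind an nginx TLS reverse proxy.

nginx terminates HTTPS and forwards plain HTTP to this process, so this
listener carries unencrypted traffic and should only be reachable from the
proxy on the same host.
"""

import os.path

import tornado.httpserver
import tornado.ioloop
import tornado.options
import tornado.web

from tornado.options import define, options

define("port", default=8000, help="run on the given port", type=int)
# Bind to loopback by default so the plaintext backend cannot be reached
# directly from the network, bypassing the TLS proxy. Override with
# --address=... only when the proxy runs on another host.
define("address", default="127.0.0.1", help="bind to the given address", type=str)


class IndexHandler(tornado.web.RequestHandler):
    """Serve the landing page."""

    def get(self):
        # NOTE: behind the reverse proxy, remote_ip is the proxy's address,
        # not the client's. To log the real client IP, have nginx overwrite
        # X-Real-IP / X-Forwarded-For and only then pass xheaders=True to
        # HTTPServer; enabling xheaders without that lets clients spoof it.
        ip = self.request.remote_ip
        print(ip)
        self.render("test.html")


class UserHandler(tornado.web.RequestHandler):
    """Echo the submitted form fields back through the user.html template."""

    def post(self):
        # get_argument() without a default rejects the request with HTTP 400
        # when the field is missing.
        user_name = self.get_argument("username")
        user_email = self.get_argument("email")
        user_website = self.get_argument("website")
        user_language = self.get_argument("language")
        # All four values are user-controlled. Tornado templates HTML-escape
        # expressions by default; keep autoescape on for these fields.
        # NOTE(review): xsrf_cookies is not enabled, so this POST is accepted
        # cross-site. Enabling it also requires xsrf_form_html() in the form
        # template, which is not shown here.
        self.render(
            "user.html",
            username=user_name,
            email=user_email,
            website=user_website,
            language=user_language,
        )


handlers = [
    (r"/", IndexHandler),
    (r"/user", UserHandler),
]

template_path = os.path.join(os.path.dirname(__file__), "template")

if __name__ == "__main__":
    tornado.options.parse_command_line()
    # template_path must be passed as a keyword setting: the second positional
    # parameter of Application is default_host, so passing the path
    # positionally left the template directory unconfigured.
    app = tornado.web.Application(handlers, template_path=template_path)
    http_server = tornado.httpserver.HTTPServer(app)
    http_server.listen(options.port, address=options.address)
    tornado.ioloop.IOLoop.current().start()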
4、配置nginx.conf
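#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    # Plain-HTTP site. It serves static files only; if nothing should be
    # served unencrypted, replace "location /" with a redirect such as
    #     return 301 https://$host$request_uri;
    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;


        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    server {
        # NOTE(review): these two listeners have no "ssl" flag, so the proxied
        # application is also served in plaintext on ports 8088 and 8066.
        # Remove them unless unencrypted access is intended.
        listen 8088 default_server;
        listen [::]:8066 ipv6only=on;
        listen [::]:443 ssl;
        listen 443 ssl;

        server_name localhost;
        server_name www.web1.com;

        # Windows paths are written with forward slashes: backslash sequences
        # are easily mangled (the original path had lost its separators).
        # The private key file must be readable only by the account running nginx.
        ssl_certificate      C:/Users/Administrator/Desktop/openssl-0.9.8k_WIN32/bin/lifes.crt;
        ssl_certificate_key  C:/Users/Administrator/Desktop/openssl-0.9.8k_WIN32/bin/lifes.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        # Pin the protocol versions instead of relying on the build's default.
        # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it on
        # older builds.
        ssl_protocols  TLSv1.2 TLSv1.3;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            proxy_pass http://web1;

            # Overwrite the forwarding headers with values nginx observed, so
            # the backend does not see client-supplied ones.
            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    # Backend is plain HTTP; keep it on loopback so it is reachable only
    # through this proxy.
    upstream web1 {
        server 127.0.0.1:8000; #SA Server1
    }

}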
在nginx目录下
启动服务 start nginx
重新加载 nginx -s reload
检查配置文件是否正确(建议在重新加载之前先执行) nginx -t
5、能正常访问HTTPS站点
https://www.web1.com
参考文章: https://blog.csdn.net/leedaning/article/details/71125559