• 开启Nginx代理HTTPS功能


    1、首先查看是否已经安装SSL

     openssl version -a

    2、生成SSL证书

    在nginx目录下创建ssl文件夹
    cd /etc/pki
    mkdir nginx
    cd nginx
    生成2048位的加密私钥
    openssl genrsa -out server.key 2048
    生成证书签名请求(CSR),这里需要填写许多信息
    openssl req -new -key server.key -out server.csr
    输出内容为:
    Enter pass phrase for root.key: ← 输入前面创建的密码
    Country Name (2 letter code) [AU]:CN ← 国家代号,中国输入CN
    State or Province Name (full name) [Some-State]:BeiJing ← 省的全名,拼音
    Locality Name (eg, city) []:BeiJing ← 市的全名,拼音
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany Corp. ← 公司英文名
    Organizational Unit Name (eg, section) []: ← 可以不输入
    Common Name (eg, YOUR name) []: ← 服务器主机名,若填写不正确,浏览器会报告证书无效,但并
    Email Address []:admin@mycompany.com ← 电子邮箱,可随意填
    Please enter the following ‘extra’ attributes
    to be sent with your certificate request
    A challenge password []: ← 可以不输入
    An optional company name []: ← 可以不输入
    生成类型为X509的自签名证书。有效期设置3650天,即有效期为10年
    openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

      

    3、修改Nginx配置文件

    # For more information on configuration, see:
    #   * Official English Documentation: http://nginx.org/en/docs/
    #   * Official Russian Documentation: http://nginx.org/ru/docs/
    
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;
    
    # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
    include /usr/share/nginx/modules/*.conf;
    
    events {
        worker_connections 1024;
    }
    
    http {
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
    
        access_log  /var/log/nginx/access.log  main;
    
        sendfile            on;
        tcp_nopush          on;
        tcp_nodelay         on;
        keepalive_timeout   65;
        types_hash_max_size 2048;
    
        include             /etc/nginx/mime.types;
        default_type        application/octet-stream;
    
        # Load modular configuration files from the /etc/nginx/conf.d directory.
        # See http://nginx.org/en/docs/ngx_core_module.html#include
        # for more information.
        include /etc/nginx/conf.d/*.conf;
    
        server {
            listen       80 default_server;
            listen       [::]:80 default_server;
            server_name  _;
            root         /usr/share/nginx/html;
    
            # Load configuration files for the default server block.
            include /etc/nginx/default.d/*.conf;
    
            location / {
    		
         }
    
            error_page 404 /404.html;
                location = /40x.html {
            }
    
            error_page 500 502 503 504 /50x.html;
                location = /50x.html {
            }
        }
    
    # Settings for a TLS enabled server.
    #
        server {
            listen       443 ssl http2 default_server;
            listen       [::]:443 ssl http2 default_server;
            server_name  _;
            root         /usr/share/nginx/html;
    
            ssl_certificate "/etc/pki/nginx/server.crt"; #生成的自签名文件
            ssl_certificate_key "/etc/pki/nginx/server.key"; #生成的私钥文件
            ssl_session_cache shared:SSL:1m;
            ssl_session_timeout  10m;
            ssl_ciphers HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers on;
    
            # Load configuration files for the default server block.
            include /etc/nginx/default.d/*.conf;
    
            location / {
            }
    
            error_page 404 /404.html;
                location = /40x.html {
            }
    
            error_page 500 502 503 504 /50x.html;
                location = /50x.html {
           }
        }
    
    }
    

     检查配置文件是否正确

    nginx -t
    

     重启服务

    service nginx reload
    

     

  • 相关阅读:
    数据库基础之锁(2. 幻读理解)
    数据库基础之锁(3. 避免幻读对事务并发性的影响)
    数据库基础之锁(4. 多版本并发控制MVCC原理详解)
    同步、异步与阻塞非阻塞
    C++基础之Lambda表达式
    C++基础之static的二三事
    个人总结 —— 事事满怀热情
    第三次结对作业:需求建模练习
    第二次结对作业
    第一次结对作业
  • 原文地址:https://www.cnblogs.com/heibai-ma/p/15325522.html
Copyright © 2020-2023  润新知