
nginx配置https和生成https證書

作者:從事java的小白


一、生成.crt和.key

  • 生成私鑰 server.key,執行:

# Creates a 2048-bit RSA private key and, because of -des3, encrypts it with a
# passphrase entered at the prompt. nginx cannot load an encrypted key unattended:
# it needs the passphrase at start-up (for example via ssl_password_file).
# Keep server.key readable by its owner only.
openssl genrsa -des3 -out server.key 2048

  • 建立伺服器證書的簽署請求(CSR)檔案 server.csr,執行:

# Builds a certificate signing request from server.key; the subject fields are
# asked for interactively. The Common Name should be the host name clients connect to.
# NOTE(review): no subjectAltName is requested here; current browsers match host
# names against SAN only, so expect a name-mismatch warning unless one is added.
openssl req -new -key server.key -out server.csr

  • 建立自簽的CA憑證(此處沿用 server.key 作為 CA 私鑰):

# Issues a self-signed certificate (ca.crt), valid for 3650 days, that acts as the CA.
# It is keyed with server.key, so the CA and the web server share one private key:
# whoever can read the server's key can also issue certificates under this CA.
# Outside a test setup, give the CA its own key and keep that key off the web host.
openssl req -new -x509 -key server.key -out ca.crt -days 3650

  • 建立自目前日期起有效期為期十年的伺服器證書server.crt:

# Signs server.csr with ca.crt / server.key and writes server.crt, valid for 3650 days;
# -CAcreateserial creates the CA serial-number file if it does not exist yet.
# No -extfile is passed, so the certificate carries no subjectAltName.
# Clients trust the result only after ca.crt is imported into their trust store;
# otherwise they show a certificate warning. Ten years is far longer than publicly
# trusted certificates are allowed to live, so plan for rotation yourself.
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey server.key -CAcreateserial -out server.crt

二、配置 nginx 以支援 WebSocket 連線和 HTTPS 請求

# Main context: worker count, pid file and the per-worker connection limit.
# The user directive is left commented out, so nginx's default worker account is used.
#user nobody;
worker_processes 1;
# error_log is not set explicitly; the lines below show the optional log levels.
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
	# Upper bound on simultaneous connections per worker process.
	worker_connections 1024;
}
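# http context: MIME types, the WebSocket upstream and two TLS virtual hosts
# (ports 9090 and 9999) that share one certificate and key.
http {
  include mime.types;
  default_type application/octet-stream;
  #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  # '$status $body_bytes_sent "$http_referer" '
  # '"$http_user_agent" "$http_x_forwarded_for"';
  # NOTE(review): access logging is left at its default; enable the named format
  # above if requests need to be traced during an investigation.
  #access_log logs/access.log main;
  sendfile on;

  # keepalive_timeout 65;

  # --- commented-out samples from the stock nginx.conf, kept for reference ---
  # server {
  # proxy the PHP scripts to Apache listening on 127.0.0.1:80

  #location ~ \.php$ {
    # proxy_pass http://127.0.0.1;
  #}
  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

  #location ~ \.php$ {
    # root html;
    # fastcgi_pass 127.0.0.1:9000;
    # fastcgi_index index.php;
    # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    # include fastcgi_params;
  #}
  # deny access to .htaccess files, if Apache's document root
  # concurs with nginx's one
  #
  #location ~ /\.ht {
    # deny all;
  #}
  # }
  # another virtual host using mix of IP-, name-, and port-based configuration
  #
  #server {
    # listen 8000;
    # listen somename:8080;
    # server_name somename alias another.alias;
    # location / {
    # root html;
    # index index.html index.htm;
    # }
  #}

  # Backend that serves the WebSocket endpoint; ip:port is a placeholder for
  # the real address.
  upstream websocket {
    server ip:port;
  }

  # HTTPS server
  #
  server {
    listen 9090 ssl;
    server_name localhost;

    # Certificate and key from the openssl steps. The key was generated with
    # -des3, so it is passphrase-protected: nginx needs the passphrase at
    # start-up (see ssl_password_file). Keep the key, and any passphrase file,
    # readable by root only.
    ssl_certificate /usr/local/nginx/ssl/server.crt;
    ssl_certificate_key /usr/local/nginx/ssl/server.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    # Pin the protocol versions instead of relying on the build's default,
    # which on older nginx releases still includes TLS 1.0 and 1.1.
    # TLSv1.3 takes effect only when nginx is built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # WebSocket endpoint. Being the longer prefix, this location wins for
    # every request under /xxx/.
    location /xxx/
    {
      # Forwarding headers use the conventional hyphenated names. The original
      # spelled them X-Real_IP and X_Forward_For; header names containing
      # underscores are dropped by default by nginx and several other servers,
      # and backends look for X-Real-IP / X-Forwarded-For.
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
      # client sent, so the backend must not trust the left-most entries.
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      # WebSocket upgrade requires HTTP/1.1 plus the Upgrade/Connection pair.
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_pass http://websocket/xxx/;

      proxy_connect_timeout 300s;
      # proxy_read_timeout defaults to 60s, after which an idle connection is
      # closed; it is raised here so quiet WebSocket sessions survive longer.
      proxy_read_timeout 300s;
      proxy_send_timeout 300s;
    }

    # Static files. autoindex stays disabled so directory contents are not listed.
    location / {
      root /usr/local/nginx/xxx;
      # autoindex on;
      # autoindex_exact_size on;
      # autoindex_localtime on;
    }

    # Remaining /xxx prefix matches are re-encrypted to a local HTTPS service.
    # nginx does not verify the upstream certificate unless proxy_ssl_verify is
    # enabled; review that if this target ever moves off the loopback interface.
    location /xxx {
      proxy_pass https://localhost:9091/xxx;
    }
  }

  # Second TLS virtual host: static content only, same certificate and key.
  server {
    listen 9999 ssl;
    server_name localhost;
    ssl_certificate /usr/local/nginx/ssl/server.crt;
    ssl_certificate_key /usr/local/nginx/ssl/server.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # Same protocol pinning as the 9090 server.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
      root /usr/local/nginx/xxxx;
    }
  }
}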