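Table of contents
- Install the certificate tool
- Install the root certificate
- Generate the domain certificate
- Configuration
- Forward SSL requests to HTTP
Install the certificate tool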
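# Fetch the mkcert binary. This link is a plain-HTTP file share, so compare the file's
# checksum with the official release at https://github.com/FiloSottile/mkcert/releases before installing it.
curl 'http://pan.itshine.cn:5080/?explorer/share/fileOut&shareID=64h6PiQQ&path=%7BshareItemLink%3A64h6PiQQ%7D%2F%E5%B7%A5%E5%85%B7%2Fmkcert' > './mkcert'
# Make it executable and put it on the PATH
chmod +x mkcert && cp mkcert /bin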
Install the root certificate
mkcert -install
Generate the domain certificate
mkcert 192.168.10.174
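The argument must be your own machine's IP address, or the domain name of one of the virtual hosts (server blocks) in the nginx on your machine.
Two files are generated:
- 192.168.10.174.pem: the certificate containing the public key, already self-issued (signed by the local root CA installed above).
- 192.168.10.174-key.pem: the private key.
Configuration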
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name _;
    root /usr/share/nginx/html;

    # Public-key certificate; change this to the absolute path of your own certificate
    ssl_certificate "/etc/nginx/ssl/192.168.10.42.pem";
    # Private key; change this to your own absolute path
    ssl_certificate_key "/etc/nginx/ssl/192.168.10.42-key.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    error_page 404 /404.html;
    location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
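Before restarting, it helps to confirm that the two files named in ssl_certificate and ssl_certificate_key belong together and that the certificate covers the address clients will actually use (the certificate above was generated for 192.168.10.174, while the sample paths name 192.168.10.42). The script below is an added example, not part of the original article; its function names and the script name are hypothetical, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example, not from the original article: pre-flight checks for the
# mkcert certificate/key pair before nginx is pointed at it.
# Usage: sh check_pair.sh CERT KEY IP_OR_NAME   (script name is hypothetical)

# Succeeds if the certificate is valid for IP_OR_NAME.
cert_covers() {   # cert_covers CERT IP_OR_NAME
    case "$2" in
        *:*)       opt=-checkip ;;    # IPv6 literal
        *[!0-9.]*) opt=-checkhost ;;  # has a non-digit: DNS name
        *)         opt=-checkip ;;    # dotted-quad IPv4
    esac
    openssl x509 -in "$1" -noout "$opt" "$2" 2>&1 |
        grep -q 'does match certificate'
}

# Succeeds if the private key belongs to the certificate (same public key).
key_matches_cert() {   # key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the key file grants nothing to group or others (e.g. mode 600).
key_is_private() {   # key_is_private KEY
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Runs every check, reports each failure, returns non-zero if any failed.
check_pair() {   # check_pair CERT KEY IP_OR_NAME
    rc=0
    cert_covers "$1" "$3" || { echo "FAIL: certificate is not valid for $3"; rc=1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    key_is_private "$2" || { echo "FAIL: key is readable by group/others"; rc=1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate is expired or unreadable"; rc=1; }
    return "$rc"
}

if [ "$#" -eq 3 ]; then
    check_pair "$@"
fi
```

If every check passes, nginx -t will then validate the configuration syntax before the restart.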
Restart nginx, then visit:
https://your-ip/
Forward SSL requests to HTTP
location /
{
    # Change this to the HTTP server you want to proxy to
    proxy_pass http://127.0.0.1:8087/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    # proxy_set_header Connection $connection_upgrade;
    proxy_set_header X-Forwarded-Proto https;
    proxy_http_version 1.1;
    # proxy_hide_header Upgrade;
    add_header X-Cache $upstream_cache_status;

    #Set Nginx Cache
    set $static_fileJKcauNzk 0;
    if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
    {
        set $static_fileJKcauNzk 1;
        expires 1m;
    }
    if ( $static_fileJKcauNzk = 0 )
    {
        add_header Cache-Control no-cache;
    }
}
Copy the block above into the virtual host (server block) configured earlier.