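Implementing HTTPS in nginx with a self-signed SSL certificate

This article describes how to generate a self-signed SSL certificate and configure HTTPS in nginx, covering installing nginx, creating the certificate, configuring the certificate, and testing access. It has some reference value; interested readers can...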
I. Install nginx

nginx must be built with the "--with-http_ssl_module" module. List the modules compiled into the installed nginx:

```
root@ecs-7398:/usr/local/nginx# cd /usr/local/nginx/
root@ecs-7398:/usr/local/nginx# ./sbin/nginx -V
nginx version: nginx/1.20.2
built by gcc 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
built with OpenSSL 1.1.1f  31 Mar 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module --with-http_gzip_static_module --with-http_v2_module --with-http_realip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module
```
II. Create the certificate

1. Generate the private key

```
root@ecs-7398:~# cd /usr/local/nginx/
root@ecs-7398:/usr/local/nginx# mkdir key
root@ecs-7398:/usr/local/nginx# cd key/
root@ecs-7398:/usr/local/nginx/key# openssl genrsa -des3 -out server.key 2048    # use openssl to generate a private key named server.key
Generating RSA private key, 2048 bit long modulus (2 primes)
................+++++
......+++++
e is 65537 (0x010001)
Enter pass phrase for server.key:    # choose a passphrase: 123456
Verifying - Enter pass phrase for server.key:    # confirm the passphrase: 123456
root@ecs-7398:/usr/local/nginx# ls
client_body_temp  conf  fastcgi_temp  html  logs  proxy_temp  sbin  scgi_temp  server.key  uwsgi_temp
root@ecs-7398:/usr/local/nginx/key# cat server.key    # view the private key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,4103533ED9B6ECD1

(base64-encoded key body omitted)
-----END RSA PRIVATE KEY-----
root@ecs-7398:/usr/local/nginx/key#
```
2. Generate the certificate signing request (CSR)

```
root@ecs-7398:/usr/local/nginx/key# openssl req -new -key server.key -out server.csr    # create server.csr (the signing request, which carries the public key) from the server.key private key
Enter pass phrase for server.key:    # enter the passphrase for server.key: 123456
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN    # country
State or Province Name (full name) [Some-State]:shanghai    # province
Locality Name (eg, city) []:jiading    # city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:bai    # organization
Organizational Unit Name (eg, section) []:zr    # unit
Common Name (e.g. server FQDN or YOUR name) []:byc    # name
Email Address []:2123288207@qq.com    # e-mail

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456    # password
An optional company name []:zr    # company
root@ecs-7398:/usr/local/nginx/key#
```
3. Sign and generate the certificate

```
root@ecs-7398:/usr/local/nginx/key# openssl rsa -in server.key -out server.key    # remove the passphrase from server.key so that "nginx -t" does not prompt for it every time
Enter pass phrase for server.key:    # passphrase: 123456
writing RSA key
root@ecs-7398:/usr/local/nginx/key#
root@ecs-7398:/usr/local/nginx/key# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt    # sign the request with the private key to produce server.crt; -days sets validity to 3650 days, -in names the CSR, -signkey names the private key, and the resulting signed certificate is server.crt
Signature ok
subject=C = CN, ST = shanghai, L = jiading, O = bai, OU = zr, CN = byc, emailAddress = 2123288207@qq.com
Getting Private key
root@ecs-7398:/usr/local/nginx/key#
```
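The following is an added example, not part of the original article: it replaces the three interactive steps above with a single `openssl req -x509` call, adds a subjectAltName (the field browsers match the host against), and checks the result before nginx ever loads it. The host name `demo.example.test`, the address `192.0.2.10` and the function names are constructed for illustration, and OpenSSL 1.1.1 or later is assumed for `-addext`.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Host name, IP address and
# directories are constructed placeholders. Needs OpenSSL 1.1.1+ for -addext.

# gen_selfsigned DIR HOST IP: unencrypted key plus self-signed cert with SAN.
gen_selfsigned() {
    dir=$1; host=$2; ip=$3
    mkdir -p "$dir" || return 1
    (
        umask 077   # the key has no passphrase, so keep it owner-only (0600)
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -keyout "$dir/server.key" -out "$dir/server.crt" \
            -subj "/CN=$host" \
            -addext "subjectAltName=DNS:$host,IP:$ip" 2>/dev/null
    )
}

# key_matches_cert KEY CRT: true when both carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_has_san CRT ENTRY: true when ENTRY (as printed by -text) is in the SAN.
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | grep -qF "$2"
}

# key_is_private KEY: true when group and others have no access to the key.
key_is_private() {
    case $(ls -l "$1") in
        -??-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo run in a throwaway directory.
demo=$(mktemp -d) &&
    gen_selfsigned "$demo" demo.example.test 192.0.2.10 &&
    key_matches_cert "$demo/server.key" "$demo/server.crt" &&
    cert_has_san "$demo/server.crt" "DNS:demo.example.test" &&
    cert_has_san "$demo/server.crt" "IP Address:192.0.2.10" &&
    key_is_private "$demo/server.key" &&
    echo "key, certificate and SAN are consistent in $demo"
```

The same three checks can be run against the article's `server.key` and `server.crt`; a key/certificate mismatch is the usual reason nginx refuses to start after a certificate is replaced.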
III. Configure the certificate and verify

```
root@ecs-7398:/usr/local/nginx/key# cd ..
root@ecs-7398:/usr/local/nginx# systemctl start nginx    # start nginx
root@ecs-7398:/usr/local/nginx# vim conf/nginx.conf    # edit the main nginx configuration file and uncomment the HTTPS server block near the end
```

```
server {
    listen       443 ssl;
    server_name  localhost;

    ssl_certificate      /usr/local/nginx/key/server.crt;    ## certificate path
    ssl_certificate_key  /usr/local/nginx/key/server.key;    ## private key path

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   /usr/local/nginx/html/xiaomi;
        index  index.html index.htm;
    }
}
```
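IV. Test

```
root@ecs-7398:/usr/local/nginx# cd
root@ecs-7398:~# ls
nginx-1.20.2  nginx-1.20.2.tar.gz  小米官网.zip
root@ecs-7398:~# unzip 小米官网.zip -d /usr/local/nginx/html/xiaomi
root@ecs-7398:~# ls /usr/local/nginx/html/xiaomi/
css  iconfont  images  index.html
```

Open https://xxx.xxx.xxx.xxx:443 in a browser. Because the certificate is self-signed, the browser shows a certificate warning that has to be accepted before the page loads.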