openssl生成自签的证书并且使用nginx配置https证书

2024-07-29 18:44:59 浏览数 (1)

1.首先需要安装openssl和openssl-devel

yum install openssl yum install openssl-devel

2.生成私钥文件

openssl genrsa -des3 -out server.key 1024

3.依据私钥文件生成csr证书文件

openssl req -new -key server.key -out server.csr

这里要输入省市区信息,给出一个图片参考

4.为了不需要在每次重启nginx的时候都输入密码

cp server.key server.key.org openssl rsa -in server.key.org -out server.key

5.生成crt证书文件,

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

6.在nginx的conf文件下,vi nginx.conf

代码语言:javascript复制
server
    {
        listen 888;
        listen 443 ssl;

	   ssl_certificate      /app/hd/ssl/server.crt;
	   ssl_certificate_key /app/hd/ssl/server.key;


	   add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
	   ssl_session_cache    shared:SSL:10m;
	   ssl_session_timeout  30m;
	   gzip_disable "msie6"; 
	   gzip_vary on; 
	   gzip_proxied any;
	   gzip_comp_level 8; #压缩级别
	   gzip_buffers 16 8k;
	   # 启用gzip压缩的最小文件,小于设置值的文件将不会压缩
	   gzip_min_length 1k;
	   #gzip_http_version 1.1;
	   gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
	  
        
        server_name phpmyadmin 192.168.105.6;
        index index.html index.htm index.php;
        #root  /www/server/phpmyadmin;

        #配置静态访问路径
 

	   location / {
			if (!-e $request_filename){
			rewrite ^(.*)$ /$1.html last;
			break;
		 }
		root /app/hd/vue/app;
			index index.html index.html;
	    
	   }
	   #js访问
	   location /static/ {
			alias /app/hd/vue/app/static/;
	   }
  

	location ~ .*.(gif|jpg|jpeg|png)$ {  
      expires 24h;  
      root  /app/hd/vue/app/;#指定图片存放路径  
      #access_log /usr/local/websrv/nginx-1.9.4/logs/images.log;#日志存放路径  
      proxy_store on;  
      proxy_store_access user:rw group:rw all:rw;  
      proxy_temp_path     /home/images/;#图片访问路径  
      proxy_redirect     off;  
      proxy_set_header    Host 127.0.0.1;  
      client_max_body_size  10m;  
      client_body_buffer_size 1280k;  
      proxy_connect_timeout  900;  
      proxy_send_timeout   900;  
      proxy_read_timeout   900;  
      proxy_buffer_size    40k;  
      proxy_buffers      40 320k;  
      proxy_busy_buffers_size 640k;  
      proxy_temp_file_write_size 640k;  
  
    }
  
		
        #error_page   404   /404.html;
        include enable-php.conf;

        location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

		
	 

        access_log  /www/wwwlogs/access.log;
    }

7重启nginx

/usr/local/nginx/sbin/nginx -s reload

配置 压缩 nginx https openssl

0 人点赞