一 首先用 nginx -V 命令查看 nginx 编译时是否带有 SSL 模块(输出的 configure arguments 中应包含 --with-http_ssl_module;注意 V 是大写,小写的 -v 只会显示 nginx 的版本)
二 找到nginx.conf文件夹存放的位置,执行以下命令
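# Generate a self-signed certificate for nginx. Run these in the directory
# where the files should be written. A self-signed certificate is not trusted
# by browsers (they show a warning), so it suits test or internal use only.

# 1. Create the server private key; openssl prompts for a pass phrase.
#    2048 bits replaces the original 1024: RSA-1024 is below the minimum that
#    NIST and the CA/Browser Forum accept. AES-256 replaces 3DES for the
#    pass-phrase encryption of the key file. (The session log on this page
#    was recorded with the older "-des3 ... 1024" form.)
openssl genrsa -aes256 -out server.key 2048

# 2. Create the certificate signing request (CSR). When prompted, set
#    "Common Name" to the host name clients will use to reach the server.
openssl req -new -sha256 -key server.key -out server.csr

# 3. Write a copy of the key without the pass phrase so nginx can load it
#    unattended. The copy is unencrypted, so it is created under a
#    restrictive umask and must stay readable by the nginx master user only.
(umask 077 && openssl rsa -in server.key -out server_nopass.key)

# 4. Self-sign the CSR with that key. -sha256 is given explicitly because
#    older OpenSSL releases default to SHA-1 here.
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server_nopass.key -out server.crt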
执行流程如下,不清楚如何执行的请对照下面的终端记录(记录中 Common Name 留空;实际使用时应填写服务器的域名,否则证书与主机名不匹配):
[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl genrsa -des3 -out server.key 1024 Generating RSA private key, 1024 bit long modulus .++++++ ...............++++++ e is 65537 (0x10001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key: [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl req -new -key server.key -out server.csr Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:cn State or Province Name (full name) []: Locality Name (eg, city) [Default City]: Organization Name (eg, company) [Default Company Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:123456^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^C [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl req -new -key server.key -out server.csr Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. 
----- Country Name (2 letter code) [XX]:cn State or Province Name (full name) []: Locality Name (eg, city) [Default City]: Organization Name (eg, company) [Default Company Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl rsa -in server.key -out server_nopass.key Enter pass phrase for server.key: writing RSA key [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl x509 -req -days 365 -in server.csr -signkey server_nopass.key -out server.crt Signature ok subject=/C=cn/L=Default City/O=Default Company Ltd Getting Private key
查看这4个文件(server.key、server.csr、server_nopass.key、server.crt)是否生成成功
生成成功后修改conf文件
例子:
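# Example nginx.conf: port 80 redirects to HTTPS, port 443 serves the static
# front-end bundles and proxies /api/ to a backend.

# NOTE(review): worker processes run as root, so any flaw in request handling
# is exercised with full privileges. Prefer an unprivileged account that can
# read the static directories below; the account name depends on the install.
user root;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;

    # Plain-HTTP listener: its only job is to redirect to HTTPS.
    server {
        listen 80;
        server_name /*按需修改*/;  # placeholder: replace with your domain
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name localhost;

        ssl_certificate /etc/nginx/server.crt;  # certificate path
        # Unencrypted private key: keep it readable by the nginx master user only.
        ssl_certificate_key /etc/nginx/server_nopass.key;  # private key path
        # Pin the protocol versions instead of relying on the build's default.
        # TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+; drop it on older builds.
        ssl_protocols TLSv1.2 TLSv1.3;

        location / {
            root /usr/local/wfp-front/app-ips-front/dist;  # front-end bundle path
            try_files $uri $uri/ /index.html;
            expires 10d;
            # The proxy_* buffer settings only affect proxied responses; they are
            # kept as in the original although this location has no proxy_pass.
            proxy_buffer_size 2048k;
            proxy_buffers 16 2048k;
            proxy_busy_buffers_size 4096k;
            proxy_temp_file_write_size 4096k;
        }

        # Configure the sections below as needed.

        # The location prefix ends with "/" to match the trailing "/" of the
        # alias. With a slashless prefix and a slash-terminated alias, a request
        # path can be mapped to files outside the alias directory.
        location = /child/app-mds-front {
            return 301 /child/app-mds-front/;
        }
        location /child/app-mds-front/ {
            alias /usr/local/wfp-front/app-mds-front/;
            try_files $uri $uri/ /index.html;
            expires 10d;
            proxy_buffer_size 2048k;
            proxy_buffers 16 2048k;
            proxy_busy_buffers_size 4096k;
            proxy_temp_file_write_size 4096k;
        }

        # Same prefix/alias slash pairing as the block above.
        location = /child/app-wfp-front {
            return 301 /child/app-wfp-front/;
        }
        location /child/app-wfp-front/ {
            alias /usr/local/wfp-front/app-wfp-front/;
            try_files $uri $uri/ /index.html;
            expires 10d;
            proxy_buffer_size 2048k;
            proxy_buffers 16 2048k;
            proxy_busy_buffers_size 4096k;
            proxy_temp_file_write_size 4096k;
        }

        location /api/ {
            # Original note: add headers here to avoid swagger-ui's
            # "no response from server" error (the headers are not shown on this page).
            proxy_pass /*按需添加*/;  # placeholder: replace with the backend URL
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}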