一  首先用 nginx -V命令查出有无安装SSL(注意V是大写 小写只会查出nginx的版本)

二 找到nginx.conf文件夹存放的位置,执行以下命令

# 1、创建服务器私钥,命令会让你输入一个口令:  openssl genrsa -des3 -out server.key 1024  # 2、创建签名请求的证书(CSR):  openssl req -new -key server.key -out server.csr  # 3、在加载SSL支持的Nginx并使用上述私钥时除去必须的口令:  openssl rsa -in server.key -out server_nopass.key  # 4、最后标记证书使用上述私钥和CSR:  openssl x509 -req -days 365 -in server.csr -signkey server_nopass.key -out server.crt

执行流程 不知道如何点击执行 请对照

[root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl genrsa -des3 -out server.key 1024  Generating RSA private key, 1024 bit long modulus .++++++ ...............++++++ e is 65537 (0x10001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key: [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl req -new -key server.key -out server.csr  Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:cn State or Province Name (full name) []: Locality Name (eg, city) [Default City]: Organization Name (eg, company) [Default Company Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:123456^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~^C [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl req -new -key server.key -out server.csr  Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:cn State or Province Name (full name) []: Locality Name (eg, city) [Default City]: Organization Name (eg, company) [Default Company Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address []:   Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]#  [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]#  [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]#  [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]#  [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl rsa -in server.key -out server_nopass.key  Enter pass phrase for server.key: writing RSA key [root@iZ2ze4s0djlh8qcc8jvqiiZ ex]# openssl x509 -req -days 365 -in server.csr -signkey server_nopass.key -out server.crt Signature ok subject=/C=cn/L=Default City/O=Default Company Ltd Getting Private key

看这4个文件有无生成成功

生成成功后修改conf文件

列子:

user root;

worker_processes auto;

error_log /var/log/nginx/error.log notice;

pid /var/run/nginx.pid;

events {

worker_connections 1024;

}

http {

include /etc/nginx/mime.types;

default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;

#tcp_nopush on;

keepalive_timeout 65;

#gzip on;

server {

listen 80;

server_name /*按需修改*/;

return 301 https://$server_name$request_uri;

}

server {

listen 443 ssl;

server_name localhost;

ssl_certificate /etc/nginx/server.crt; #证书地址

ssl_certificate_key /etc/nginx/server_nopass.key; #秘钥地址

location / {

root /usr/local/wfp-front/app-ips-front/dist;#前端包地址

try_files $uri $uri/ /index.html;

expires 10d;

proxy_buffer_size 2048k;

proxy_buffers 16 2048k;

proxy_busy_buffers_size 4096k;

proxy_temp_file_write_size 4096k;

}

#下面内容按需配置

location /child/app-mds-front{

alias /usr/local/wfp-front/app-mds-front/;

try_files $uri $uri/ /index.html;

expires 10d;

proxy_buffer_size 2048k;

proxy_buffers 16 2048k;

proxy_busy_buffers_size 4096k;

proxy_temp_file_write_size 4096k;

}

location /child/app-wfp-front{

alias /usr/local/wfp-front/app-wfp-front/;

try_files $uri $uri/ /index.html;

expires 10d;

proxy_buffer_size 2048k;

proxy_buffers 16 2048k;

proxy_busy_buffers_size 4096k;

proxy_temp_file_write_size 4096k;

}

location /api/ {

##添加header避免swagger-ui出现no response from server的错误

proxy_pass /*按需添加*/;

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root html;

}

}

}

推荐阅读

评论可见,请评论后查看内容,谢谢!!!
 您阅读本篇文章共花了: