avatar

生成自签证书并配置nginx的HTTPS

生成一个key

1
openssl genrsa -des3 -out https.key 2048

清除密码

1
2
3
mv https.key ssl.key
openssl rsa -in ssl.key -out https.key
rm ssl.key

创建请求文件

1
openssl req -new -key https.key -out https.csr

生成证书

1
openssl x509 -req -days 365 -in https.csr -signkey https.key -out https.crt

开启Https

1
2
3
4
5
6
7
8
9
10
11
12
13
server {
#listen 80;
listen 443 ssl;
server_name www.ld80.cn;
ssl_certificate /root/https/https.crt;
ssl_certificate_key /root/https/https.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
.......
}