nginx自签SSL证书和Symantec签发证书使用

以谁为师

发布于 2019-06-02 13:03:17

1.1K0

发布于 2019-06-02 13:03:17

自签证书

生成证书

mkdir /usr/local/nginx/conf/ssl
cd !$
# 新建目录

openssl genrsa -des3 -out tmp.key 1024
#  输入密码后，再次重复输入确认密码
openssl rsa -in tmp.key -out example.com.key
# 转换key,取消密码

openssl req -new -key example.com.key -out example.com.csr
# 创建csr证书

openssl x509 -req -days 365 -in example.com.csr -signkey example.com.key -out example.com.pem
# 创建pem文件

nginx配置

    listen 443 ssl;
    server_name api.example.com;
    # TLS 配置
    ssl_certificate   /usr/local/nginx/conf/ssl/example.com.pem;
    ssl_certificate_key /usr/local/nginx/conf/ssl/example.com.key;
    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  5m;
    ssl_ciphers          HIGH:!aNULL:!MD5;
    ssl_protocols        TLSv1.1 TLSv1.2;

    # http2
    listen       443 ssl http2;
    ssl_certificate     /usr/local/nginx/conf/ssl/example.com.pem;
    ssl_certificate_key /usr/local/nginx/conf/ssl/example.com.key;

阿里云签发Symantec ssl证书

申领

阿里云 -ssl证书- 个人免费域名

nginx 配置

cd /usr/local/nginx/conf/cert
unzip 1812709_attacker.club_nginx.zip

vi /usr/local/nginx/conf/vhosts/attacker.conf

server {
    server_name www.attacker.club attacker.club;

    location /getip {
    default_type application/json;
    return 200 '{"date":"$time_local","ip":"$remote_addr","type":"nginx json"}';
    # 返回客户端ip地址；如:attacker.club/getip
}
    rewrite ^(.*)/$  https://attacker.club permanent;
    # 重定向到https
}

server {
    server_name attacker.club;
    root /www/django_xxx;


 # http2
    listen       443 ssl http2;
    ssl_certificate      /usr/local/nginx/conf/cert/1812709_attacker.club.pem;
    ssl_certificate_key  /usr/local/nginx/conf/cert/1812709_attacker.club.key;


    location /static {
        expires 6;
        #本地浏览器缓存
    }


     location  /robots.txt {
     alias  /www/robots.txt;
     # 定义爬虫
}

     # Dynamic content
     location / {
     proxy_pass http://127.0.0.1:9001;
    # proxy_redirect off;
     proxy_set_header Host $host;
     proxy_set_header   X-Real-IP        $remote_addr;
     proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
     proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
    }

     access_log  /usr/local/nginx/logs/attacker.log; #指定日志
}

本文参与腾讯云自媒体分享计划，分享自作者个人站点/博客。

原始发表：2019年2月14日，如有侵权请联系 cloudcommunity@tencent.com 删除

nginx