1:创建私钥 长度2048
openssl genrsa -out privkey.pem 2048
##完成后会在当前目录生成私钥文件
2:自己制作证书
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
需要输入信息如下
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /home/nginx/certs/cacert.pem;
ssl_certificate_key /home/nginx/certs/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#charset koi8-r;
#access_log logs/host.access.log main;
#access_log "pipe:rollback logs/host.access_log interval=1d baknum=7 maxsize=2G" main;
location / {
proxy_pass http://local_tomcat;
}
.........................
}