Under Linux configuration nginx443 port and use openssl to generate a certificate

Centos6.x / Centos7.x are available, tomcat has been launched at this time, two projects for the 8080,8082 ports

yum install openssl nginx -y

# Generate an RSA private key

openssl genrsa -des3 -out server.key 2048

# Des3 is an algorithm

# 2048 digits / strength

# Server.key key file name

# -Out: the path and file name generation

openssl req -new -key server.key -out server.csr

# -Key: Specifies the private key ca

# -Out: server.csr generate a certificate file

# Asking to fill in the following information:

Country Name (2 letter code) []:CN                     // 国家

State or Province Name (full name) []:BJ            // 省份

Locality Name (eg, city) []: BJ // city

Organization Name (eg, company) []: bj // Organization

Organizational Unit Name (eg, section) []: bj // institutional sector

Common Name (eg, fully qualified host name) []:XXXX.com     // 域名

Email Address []: [email protected] // E-mail address

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []: // certificate password, no password Enter

# Generates two files server.key server.csr

# Generated CA certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

# X509: specified format

# -In: Specifies the request file

# -Signkey: Self-signed

# Generate a file for the server.crt

cp server.key server.csr server.crt /etc/nginx

vim /etc/nginx/conf.d/default.conf

upstream xxxx_upstream {

server 127.0.0.1:8082;

}

upstream yyyy_upstream {

server 127.0.0.1:8080;

}

server {

listen 80 default_server;

listen [::]:80 default_server;

server_name your domain name;

root /usr/share/nginx/html;

# Load configuration files for the default server block.

include /etc/nginx/default.d/*.conf;

location / {

}

location /xxxx {

proxy_set_header Host $http_host;

proxy_set_header X-Real-Ip $remote_addr;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_pass http://xxxx_upstream/xxxx;

}

location /yyyy {

proxy_set_header Host $http_host;

proxy_set_header X-Real-Ip $remote_addr;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_pass http://yyyy_upstream/yyyy;

}

error_page 404 /404.html;

location = /40x.html {

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

}

}

server{

listen 443;

server_name your domain name;

ssl on;

root /usr/share/nginx/html;

ssl_certificate server.crt;

ssl_certificate_key server.key;

 

location /xxxx {

proxy_set_header Host $http_host;

proxy_set_header X-Real-Ip $remote_addr;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_pass http://xxxx_upstream/xxxx;

}

location /yyyy {

proxy_set_header Host $http_host;

proxy_set_header X-Real-Ip $remote_addr;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_pass http://yyyy_upstream/yyyy;

}

}

Note: The above configuration file xxxx, yyyy replace their own path corresponding to copy and paste the desired format align itself when

nginx -t

nginx -s reload

# You can use the domain name visit https +

# Pro-test no pit!