The beginning of the text: (red text is the key command)
Here is how to generate a certificate for the Linux system through the openssl command
Create a directory for storing certificates, this directory can be customized
cd /etc/nginx
mkdir key
cd key
Run the following command to generate a key
openssl genrsa -des3 -out ssl.key 4096
Then he will ask you to enter the password of this key file. Input is not recommended. Because nginx will be used in the future. Every time you reload nginx configuration, you must verify the PAM password.
Because the password must be entered when generating. You can delete it after typing.
mv ssl.key xxx.key
openssl rsa -in xxx.key -out ssl.key
rm xxx.key
and then generate a certificate request file based on this key file
openssl req -new -key ssl.key -out ssl.csr
There are many things to fill in when the above command is generated:
Finally , generate crt certificate files based on these 2 files ( ssl .key ssl .csr)
openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt
Here 365 is the validity period of the certificate. 3650 haha is recommended. Everyone is free. The last files used are the key and crt files.
Add the following configuration to the server node of the nginx configuration file that needs to use the certificate.
server {
listen 443; #https uses port 443 by default
server_name 0.0.0.0 ; #Replace 0.0.0.0 with your website domain name or ip
ssl on;
ssl_certificate /etc/nginx/key/ssl.crt;
ssl_certificate_key /etc/nginx/key/ssl.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
... custom configuration, refer to blog:
}
Then restart nginx and you're done