Nginx ssl

Others 2022-04-23 02:49:19 views: 0


Nginx configures the ssl certificate (intermediate certificate)
Configure the ssl certificate under Nginx, the default configuration file, normal access in the pc browser, cannot be authenticated in the mobile browser
--------------- ---------------------------------------------------------
http:/ /blog.csdn.net/gudufeiyang/article/details/58603402
======================================= ===========================




1) Generate the certificate here Let's Encrypt

https://www.sslforfree.com/create?generate&domains=www.bookshare.cc%20cloud.bookshare.cc%20api.cloud.bookshare.cc%20api.bookshare.cc%20static.bookshare.cc%20passport.bookshare.cc%20console.bookshare.cc

From this website, you can finally get sslforfree.zip

There are three files inside:  server certificate certificate.crt    | CA certificate ca_bundle.crt    |   private.key


2) SSL tool
download intermediate certificate and get chain.crt

https://www.myssl.cn/tools/downloadchain.html

Then on this website, the input is: the above server certificate content certificate.crt

You will get two files: intermediate certificate chain.crt , root certificate root.crt


3) Synthesize the content in certificate.crt and chain.crt to get certificate-all.crt


server{
  listen 443 ssl;
  charset utf-8;
  server_name cloud.bookshare.cc api.cloud.bookshare.cc api.bookshare.cc static .bookshare.cc passport.bookshare.cc console.bookshare.cc;
  ssl on; 
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
#ssl_dhparam /opt/dhparam/keys/dhparams.pem;
  ssl_certificate /usr/local/openresty/nginx/conf/sslforfree/ certificate-all.crt ;
  ssl_certificate_key /usr/local/openresty/nginx/conf/sslforfree/ private.key ;
}

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=325409735&siteId=291194637
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com