Article directory
- 1. Use openssl to generate an RSA server private key (you will be asked for a password; remember it)
- 2. Generate a certificate request
- 3. Use the following command to remove the password from the private key; otherwise you will be asked for the PEM pass phrase every time you reload the nginx configuration.
- 4. The following command generates a self-signed certificate
- 5. Copy server.crt and server.key to the ssl folder in the conf directory of Nginx
- 6. Add certificates and related configurations to the nginx.conf configuration.
- 7. Result: even though the site is served over https, the browser still shows it as unsafe because the certificate is self-signed.
Tip: OpenSSL must be installed first; current CentOS releases install it by default.
1. Use openssl to generate an RSA server private key (you will be asked for a password; remember it)
First create a directory, such as an ssl directory, and run the following command in it. 2048 is the length of the private key in bits. If it is set to 1024, you will be told that the key is too short. The recommended minimum length is 2048 bits.
openssl genrsa -des3 -out server.key 2048
2. Generate a certificate request
openssl req -new -key server.key -out server.csr
The password entered in the previous step is required here.
You are then asked for the country, region, organization, and email in order. The most important field is the Common Name, which can be your name or domain name.
3. Use the following command to remove the password from the private key; otherwise you will be asked for the PEM pass phrase every time you reload the nginx configuration.
openssl rsa -in server.key -out server.key
4. The following command generates a self-signed certificate
openssl x509 -req -days 3650 -sha256 -in server.csr -signkey server.key -out server.crt
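Steps 1 to 4 as one non-interactive script, followed by a check of the resulting files; this is an added example, not part of the original article. The function names, the KEY_PASS variable and the use of -subj, -passin and -passout in place of the interactive prompts are choices made here.

```shell
#!/bin/sh
# Added example: names, KEY_PASS and the non-interactive options are assumptions.

# make_self_signed DIR CN PASSPHRASE: writes server.key, server.csr, server.crt
make_self_signed() (
    umask 077                          # new files readable by the owner only
    mkdir -p "$1" && cd "$1" || exit 1
    export KEY_PASS="$3"               # read via env:, so it stays off argv
    # Step 1: passphrase-protected 2048-bit RSA key
    openssl genrsa -des3 -passout env:KEY_PASS -out server.key 2048 2>/dev/null &&
    # Step 2: certificate request; -subj replaces the interactive questions
    openssl req -new -key server.key -passin env:KEY_PASS \
        -subj "/CN=$2" -out server.csr &&
    # Step 3: strip the passphrase (write a temp file, then replace the key)
    openssl rsa -in server.key -passin env:KEY_PASS \
        -out server.key.tmp 2>/dev/null &&
    mv server.key.tmp server.key &&
    # Step 4: self-signed certificate, valid for 3650 days
    openssl x509 -req -days 3650 -sha256 -in server.csr \
        -signkey server.key -out server.crt 2>/dev/null
)

# check_pair DIR: prints the first problem found and returns 1, else prints "ok"
check_pair() {
    key="$1/server.key"; crt="$1/server.crt"
    # After step 3 the key is stored in the clear, so it must be owner-only.
    if grep -q ENCRYPTED "$key"; then
        echo "key still passphrase-protected"; return 1
    fi
    if [ "$(ls -l "$key" | cut -c5-10)" != "------" ]; then
        echo "key readable by group or others"; return 1
    fi
    # nginx refuses to start if the certificate and key do not belong together.
    km=$(openssl rsa -noout -modulus -in "$key")
    cm=$(openssl x509 -noout -modulus -in "$crt")
    if [ "$km" != "$cm" ]; then
        echo "certificate does not match key"; return 1
    fi
    # Self-signed means subject and issuer are the same name.
    s=$(openssl x509 -noout -subject -in "$crt")
    i=$(openssl x509 -noout -issuer -in "$crt")
    if [ "${s#subject=}" != "${i#issuer=}" ]; then
        echo "not self-signed"; return 1
    fi
    echo ok
}
```

Run `make_self_signed ./ssl your.domain 'passphrase'` and then `check_pair ./ssl` before copying the files into the nginx conf directory.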
5. Copy server.crt and server.key to the ssl folder in the conf directory of Nginx
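Tip: You can also place them in another folder, but then you have to write the full path. If they are placed under conf, a relative path can be used, as shown in the configuration below.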
6. Add certificates and related configurations to the nginx.conf configuration.
The relevant parts are in the server blocks; the rest of the file can be configured as usual.
server {
    listen 443 ssl;
    server_name localhost;
    charset utf-8;
    # SSL certificate
    ssl_certificate ssl/server.crt;
    ssl_certificate_key ssl/server.key;
    location / {
        root html;
        try_files $uri $uri/ /index.html;
        index index.html index.htm;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
server {
    listen 80;
    server_name localhost;
    # Redirect requests to https
    rewrite ^(.*)$ https://$host$1 permanent;
}