声明:这是我在大学毕业后进入第一家互联网工作学习的内容
申请地址
https://freessl.cn/
申请步骤
选择需要申请SSL证书域名
选择证书类型并创建
下载KeyManager客户端
DNS验证
导出证书
配置证书
Nginx配置
解压证书并放到服务器文件里,解压完的文件有2个:xxx.crt、xxx.key
[root@nginx CA]#cd /CA
[root@nginx CA]# ll
total 8
-rw-r--r-- 1 root root 3570 Apr 30 14:15 xxx.crt
-rw-r--r-- 1 root root 1679 Apr 30 14:15 xxx.key
配置nginx.conf 添加此证书
server {
listen 443 ssl http2;
server_name xxx.com;
root /usr/share/nginx/html;
ssl_certificate "/ca/xxx.crt";
ssl_certificate_key "/ca/xxx.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://172.31.22.31:8082;
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
client_max_body_size 100m;
client_body_buffer_size 100m;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
添加完成后需要重启nginx
nginx -s stop
nginx
kubernetes集群添加证书
[root@dev-master-01 CA]#cd /CA
[root@dev-master-01 CA]# ll
total 8
-rw-r--r-- 1 root root 3570 Apr 30 14:15 xxx.crt
-rw-r--r-- 1 root root 1679 Apr 30 14:15 xxx.key
kubectl create secret tls xxx.com --cert=xxx.crt --key=xxx.key
腾讯云平台添加证书
登陆腾讯云
https://console.cloud.tencent.com/ssl
上传证书保存即可
版权声明:
原创不易,洗文可耻。除非注明,本博文章均为原创,转载请以链接形式标明本文地址。