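1. Generate the key
First download OpenSSL from http://slproweb.com/products/Win32OpenSSL.html (choose the 32-bit or 64-bit build to match your system and install it). I downloaded Win64OpenSSL_Light-1_1_1m.exe. Then run the command: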
openssl genrsa -des3 -out biznginxssl.key 2048
2. Generate the certificate signing request
openssl req -new -key biznginxssl.key -out biznginxssl.csr
Enter pass phrase for biznginxssl.key:123456
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:GD
Locality Name (eg, city) []:GZ
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FCC
Organizational Unit Name (eg, section) []:FCC
Common Name (e.g. server FQDN or YOUR name) []:BIZFCC
Email Address []:fcclzydouble@163.com
Please enter the following 'extra' attributes
A challenge password []:123456
An optional company name []:FCC
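3. Remove the passphrase
Keep the encrypted key as a backup, then write an unencrypted copy that nginx can load without prompting:
copy biznginxssl.key biznginxssl.key.bak
openssl rsa -in biznginxssl.key.bak -out biznginxssl.key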
4. Generate the certificate
openssl x509 -req -days 3650 -in biznginxssl.csr -signkey biznginxssl.key -out biznginxssl.crt
Signature ok
subject=C = CN, ST = GD, L = GZ, O = FCC, OU = FCC, CN = BIZFCC, emailAddress = fcclzydouble@163.com
Getting Private key
5. Configure nginx
server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate D:/bzyyMgr/nginx-1.20.2/ssl/biznginxssl.crt;
    ssl_certificate_key D:/bzyyMgr/nginx-1.20.2/ssl/biznginxssl.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1440m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://myapp;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_send_timeout 18000;
        proxy_read_timeout 18000;
        proxy_connect_timeout 18000;
    }
}
6. Redirect port 80 in nginx to 443
server {
    listen 80;
    server_name localhost;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
7. The final result is shown in the figure below.
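Before pointing nginx at the files from steps 1 to 4, it helps to confirm that the key really is unencrypted, that the certificate was signed with that key, and that the certificate has not expired. The script below is an added example, not part of the original post; it assumes a POSIX shell with openssl on PATH (Git Bash works on Windows), the function names are made up for this example, and the 2048-bit minimum is a threshold chosen here.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the
# key/certificate pair produced in steps 1-4, before nginx loads it.
# Assumption: POSIX shell with `openssl` on PATH (e.g. Git Bash on Windows).

# Succeeds only if the key loads with an empty passphrase, i.e. step 3 was done.
key_is_unencrypted() {
    openssl pkey -in "$1" -passin pass: -noout 2>/dev/null
}

# Prints the key size in bits, e.g. 2048 (prints nothing if the key is unreadable).
key_bits() {
    openssl pkey -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeeds only if the certificate carries the public half of this private key.
pair_matches() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# Runs every check and reports each failure; returns non-zero if any check fails.
check_tls_pair() {
    key=$1 crt=$2 rc=0
    key_is_unencrypted "$key" || { echo "FAIL: key is encrypted or unreadable"; rc=1; }
    bits=$(key_bits "$key")
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key is ${bits:-?} bits, want >= 2048"; rc=1; }
    pair_matches "$key" "$crt" || { echo "FAIL: certificate does not match key"; rc=1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate is expired or unreadable"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $key and $crt are ready for nginx"
    return "$rc"
}

# Usage: sh check_tls_pair.sh biznginxssl.key biznginxssl.crt
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

A key that still carries its passphrase fails the first check, which is the state nginx cannot start from when it runs unattended.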