1.生成证书
# 创建用于服务签名的根证书和私钥
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -subj '/O=nginx Inc./CN=nginx.test.com' -keyout nginx.root.key -out nginx.root.crt
# 为 httpbin.example.com 创建证书和私钥
openssl req -out nginx.test.com.csr -newkey rsa:2048 -nodes -keyout nginx.test.com.key -subj "/CN=nginx.test.com/O=nginx organization"
openssl x509 -req -sha256 -days 365 -CA nginx.root.crt -CAkey nginx.root.key -set_serial 0 -in nginx.test.com.csr -out nginx.test.com.crt
然后ls查看
2.配置Nginx
server {
#监听443端口
listen 443 ssl;
#你的域名
server_name nginx.test.com;
#ssl证书的pem文件路径
ssl_certificate /etc/nginx/conf/card/nginx.test.com.crt;
#ssl证书的key文件路径
ssl_certificate_key /etc/nginx/conf/card/nginx.test.com.key;
charset utf-8;
access_log /etc/nginx/logs/nginx_443.log access;
location /returnok {
return 200 "masker success https";
}
}
#http请求自动重订向https
server{
listen 80;
server_name nginx.test.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
测试:
参考:
Nginx配置Https(详细、完整) - huiblog - 博客园