由于公司项目需要配置http转为https访问,有很多种方式,下面是关于运用nginx配置https
1)首先安装openssl :http://slproweb.com/products/Win32OpenSSL.html 下载地址
2)配置变量:
key: OPENSSL_HOME value:c:\OpenSSL-Win64\bin; (安装目录)
在path变量结尾添加如下 : %OPENSSL_HOME%
3)证书:
a.创建ssl文件夹存放证书
b.私钥:openssl genrsa -des3 -out pri.key 1024 记住输入的密码
c. csr证书:openssl req -new -key pri.key -out pri.csr
d.如果不想每次建立连接就输入密码:就把密码去掉。首先:copy pri.key pri.key.org 复制一份key,去除命令:openssl rsa -in pri.key.org -out pri.key 输入a的密码
e.crt证书:openssl x509 -req -days 365 -in lee.csr -signkey lee.key -out lee.crt
4)配置nginx.conf
# HTTPS server
server {
listen 443 ssl;
server_name www.intranet.com;
ssl_certificate D:/nginx/nginx-1.15.6/ssl/pri.crt;
ssl_certificate_key D:/nginx/nginx-1.15.6/ssl/pri.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://192.168.1.1:8080;
}
}
5)start nginx(启动)
6)停止:nginx.exe -s stop / taskkill /f /im nginx.exe/ 查出pid号:tasklist /fi "imagename eq nginx.exe" 然后 处理pid:taskkill /f /pid pid号