Accessing a web front end over HTTPS within a LAN
Environment
CentOS
Nginx
mkcert (tool for issuing locally trusted certificates)
Download:
Link: https://pan.baidu.com/s/1PAtNG4cTassqa-9IgWTnrA Extraction code: f8xb
Link: https://pan.baidu.com/s/1ZOIpWiQxHM5YW9W9yHI1Lw?pwd=vfv2
Extraction code: vfv2
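Certificate generation procedure
1. Copy the installer file mkcert-v1.4.3-linux-amd64 to the Linux server.
2. cd into the directory that contains the file.
3. Make the file executable: chmod +x mkcert-v1.4.3-linux-amd64
4. Install the root certificate: ./mkcert-v1.4.3-linux-amd64 -install
5. Run ./mkcert-v1.4.3-linux-amd64 -CAROOT to find the CA certificate directory, and copy the pem file out of it, for example rootCA.pem. Copy only rootCA.pem: the rootCA-key.pem file in the same directory is the CA private key and should stay on the server.
6. Run ./mkcert-v1.4.3-linux-amd64 192.168.99.56 to issue the local certificate; this produces 192.168.99.56.pem and 192.168.99.56-key.pem.
7. Create a cer directory under the nginx directory, copy 192.168.99.56.pem and 192.168.99.56-key.pem into it, and configure nginx for SSL access: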
server {
    listen 443 ssl;
    server_name localhost;
    # Certificate and private key issued by mkcert in step 6
    ssl_certificate cer/192.168.99.56.pem;
    ssl_certificate_key cer/192.168.99.56-key.pem;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    #ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
}
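8. Take the rootCA.pem root certificate from step 5, add an extension so that it is named rootCA.pem.cer, and copy it to each Windows computer that needs to access the site over HTTPS.
9. Double-click rootCA.pem.cer, then: Install Certificate – Next – Place all certificates in the following store, browse and select Trusted Root Certification Authorities – Next – Finish.
Access the site through the browser.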
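Before the issued pair goes into nginx's cer directory (step 7) and rootCA.pem is handed to clients (step 8), the files can be checked with openssl. This is an added example, not part of the original page; it assumes the openssl CLI is installed, and the function names check_leaf and make_constructed_pair are hypothetical.

```shell
#!/bin/sh
# check_leaf ROOT_CA LEAF_CERT LEAF_KEY IP
# Returns 0 only if the leaf chains to the root CA, lists IP as a SAN,
# and the private key belongs to the certificate (1/2/3 name the failed check).
check_leaf() {
    cl_ca=$1; cl_cert=$2; cl_key=$3; cl_ip=$4
    # 1. Chain: the leaf must verify against the root that clients import.
    openssl verify -CAfile "$cl_ca" "$cl_cert" >/dev/null 2>&1 || return 1
    # 2. Name: an https://<IP> URL is matched against IP SANs, not the CN.
    openssl x509 -in "$cl_cert" -noout -checkip "$cl_ip" 2>&1 \
        | grep -q 'does match' || return 2
    # 3. Key: the certificate's public key must equal the key file's public half.
    cl_a=$(openssl x509 -in "$cl_cert" -noout -pubkey 2>/dev/null | openssl dgst -sha256)
    cl_b=$(openssl pkey -in "$cl_key" -pubout 2>/dev/null | openssl dgst -sha256)
    [ "$cl_a" = "$cl_b" ] || return 3
    return 0
}

# make_constructed_pair DIR IP
# Constructed sample input: a throwaway CA and leaf built with openssl as a
# stand-in for mkcert's output, named like the files in the steps above.
make_constructed_pair() {
    mp_dir=$1; mp_ip=$2
    mkdir -p "$mp_dir" || return 1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$mp_dir/ca.ext"
    printf 'subjectAltName=IP:%s\n' "$mp_ip" > "$mp_dir/leaf.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed test CA" \
        -keyout "$mp_dir/rootCA-key.pem" -out "$mp_dir/ca.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$mp_dir/ca.csr" -signkey "$mp_dir/rootCA-key.pem" -days 1 \
        -extfile "$mp_dir/ca.ext" -out "$mp_dir/rootCA.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed leaf" \
        -keyout "$mp_dir/${mp_ip}-key.pem" -out "$mp_dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$mp_dir/leaf.csr" -days 1 -CA "$mp_dir/rootCA.pem" \
        -CAkey "$mp_dir/rootCA-key.pem" -CAcreateserial -extfile "$mp_dir/leaf.ext" \
        -out "$mp_dir/${mp_ip}.pem" 2>/dev/null
}

# CLI use: sh check_leaf.sh rootCA.pem 192.168.99.56.pem 192.168.99.56-key.pem 192.168.99.56
if [ "$#" -eq 4 ]; then check_leaf "$@"; exit $?; fi
```

A non-zero return tells which check failed: 1 for the chain, 2 for the IP SAN, 3 for a key that does not belong to the certificate.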
Configuration for proxying to another HTTP server
server {
    listen 2443 ssl;
    server_name localhost;
    ssl_certificate cer/192.168.99.56.pem;
    ssl_certificate_key cer/192.168.99.56-key.pem;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    #ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header Host $http_host;
        root html;
        proxy_pass http://192.168.99.56:10004;
    }
}
Forcing HTTP to redirect to HTTPS
server {
    listen 80;
    server_name localhost;
    rewrite ^(.*)$ https://$host$1;
    location / {
        index index.html index.htm;
    }
}