环境:
MacOS (v10.13.6)
浏览器:谷歌(chrome)v80
参考链接:
1、创建ssl证书
当前目录新建文件:sslConfigureFile.conf
[ req ]
default_bits = 2048
default_keyfile = server-key.pem
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
string_mask = utf8only
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = NY
localityName = Locality Name (eg, city)
localityName_default = New York
organizationName = Organization Name (eg, company)
organizationName_default = Example, LLC
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = Example Company
emailAddress = Email Address
emailAddress_default = test@example.com
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
[ req_ext ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"
[ alternate_names ]
DNS.1 = test.abc.com(你的域名)
2、当前目录执行命令:
openssl req -config sslConfigureFile.conf -new -sha256 -newkey rsa:2048 -nodes -keyout ssl.key -x509 -days 365 -out ssl.crt
3、城市国家信息随便填,common要填写你的域名,同上面的DNS.1,此时当前目录会生成 ssl.key 与 ssl.crt,绝对路径分别为:
/Users/zx/sslFile/ssl.key
/Users/zx/sslFile/ssl.crt
2、Nginx配置:
sudo vim /usr/local/etc/nginx/nginx.conf
定位到https的配置项
# HTTPS server
#
server {
listen 443 ssl;
server_name test.abc.com;#对应配置文件以及common中设置的https访问域名
ssl on;
ssl_certificate /Users/zx/sslFile/ssl.crt;
ssl_certificate_key /Users/zx/sslFile/ssl.key;
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:8080;#这里是被映射的本地服务
# root html;
# index index.html index.htm;
}
}
3、证书本机授权设置:
点击证书:
拖动图标到桌面:
双击桌面图标:
设置始终信任:
最终刷新页面即可。
补充:mac下Nginx安装:
官网下载的安装包,macOS好像只支持make编译后安装,所以使用了应用商店的老版本,好处是安装速度快,测试对版本要求也不高:
zxdeMacBook-Pro:~ zx$ brew install nginx
==> nginx
Docroot is: /usr/local/var/www
The default port has been set in /usr/local/etc/nginx/nginx.conf to 8080 so that
nginx can run without sudo.
nginx will load all files in /usr/local/etc/nginx/servers/.
To have launchd start nginx now and restart at login:
brew services start nginx
Or, if you don't want/need a background service you can just run:
nginx
#上面安装过程显示了配置文件的位置,这里可以选择查看并编辑它
zxdeMacBook-Pro:~ zx$sudo vim /usr/local/etc/nginx/nginx.conf
#启动
zxdeMacBook-Pro:~ zx$ sudo nginx
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /usr/local/etc/nginx/nginx.conf:42
#停止
zxdeMacBook-Pro:~ zx$ sudo nginx -s stop