1、openssl
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
ssl_certificate /path/to/server.crt;
ssl_certificate_key /path/to/server.key;
server {
listen 8081 ssl;
#填写绑定证书的域名
#证书文件名称
ssl_certificate server.crt;
#私钥文件名称
ssl_certificate_key server.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1.2 TLSv1.3;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location ^~ /api/{
proxy_pass http://localhost:8090/;
}
}
2、mkcert
https://cloud.tencent.com/developer/article/2191785