自签证书
生成证书
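# Create the directory for the key and certificate and enter it.
# `cd !$` depends on interactive history expansion, so the path is spelled out.
mkdir -p /usr/local/nginx/conf/ssl && cd /usr/local/nginx/conf/ssl

# Generate a passphrase-protected RSA private key; openssl asks for the
# passphrase twice. 2048 bits is the current minimum: 1024-bit RSA is too weak.
openssl genrsa -des3 -out tmp.key 2048

# Write a copy of the key without the passphrase so nginx can start unattended.
openssl rsa -in tmp.key -out example.com.key
# The key is now stored unencrypted: restrict it to its owner.
chmod 600 example.com.key

# Create the certificate signing request (CSR).
openssl req -new -key example.com.key -out example.com.csr

# Self-sign the CSR for 365 days and write the certificate in PEM form.
# -sha256 sets the signature digest explicitly instead of relying on the
# OpenSSL build's default (older releases defaulted to SHA-1).
# A self-signed certificate is not trusted by clients until they import it,
# so this is suited to testing and internal use.
openssl x509 -req -sha256 -days 365 -in example.com.csr -signkey example.com.key -out example.com.pem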
nginx配置
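listen 443 ssl;
server_name api.example.com;

# TLS configuration: certificate and private key generated above.
ssl_certificate     /usr/local/nginx/conf/ssl/example.com.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/example.com.key;
# Session cache shared between worker processes; sessions expire after 5 minutes.
ssl_session_cache   shared:SSL:10m;
ssl_session_timeout 5m;
# Exclude anonymous (unauthenticated) and MD5-based cipher suites.
ssl_ciphers         HIGH:!aNULL:!MD5;
# TLS 1.1 is deprecated (RFC 8996), so only 1.2 and 1.3 are offered.
# TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it on older builds.
ssl_protocols       TLSv1.2 TLSv1.3;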
# http2
# Same certificate pair as above, with HTTP/2 enabled on the TLS listener.
# NOTE(review): presumably this listen line is used instead of `listen 443 ssl;`,
# not next to it. Confirm against the full server block.
# nginx 1.25.1+ deprecates the `http2` listen parameter in favour of a
# separate `http2 on;` directive.
listen 443 ssl http2;
ssl_certificate /usr/local/nginx/conf/ssl/example.com.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/example.com.key;
阿里云签发Symantec ssl证书
申领
阿里云 -ssl证书- 个人免费域名
nginx 配置
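# Create the certificate directory if it does not exist yet, then enter it.
mkdir -p /usr/local/nginx/conf/cert && cd /usr/local/nginx/conf/cert
# Unpack the certificate bundle downloaded from the Aliyun console.
unzip 1812709_attacker.club_nginx.zip
# The archive contains the private key: restrict it to its owner.
chmod 600 1812709_attacker.club.key
# Edit the virtual host configuration.
vi /usr/local/nginx/conf/vhosts/attacker.conf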
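# Plain-HTTP virtual host. There is no listen directive, so nginx uses its
# default listener (port 80 when started as root).
server {
    server_name www.attacker.club attacker.club;

    # Returns the client IP address as JSON, e.g. attacker.club/getip.
    # $remote_addr is the address of the directly connected peer.
    location /getip {
        default_type application/json;
        return 200 '{"date":"$time_local","ip":"$remote_addr","type":"nginx json"}';
    }

    # Redirect everything else to HTTPS. The earlier rewrite only matched URIs
    # ending in "/" and dropped the path, so other requests stayed on plain
    # HTTP. $request_uri keeps the original path and query string.
    location / {
        return 301 https://attacker.club$request_uri;
    }
}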
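# HTTPS virtual host: serves static files from disk and proxies all other
# requests to the application listening on 127.0.0.1:9001.
server {
    server_name attacker.club;
    root /www/django_xxx;

    # http2
    listen 443 ssl http2;
    ssl_certificate     /usr/local/nginx/conf/cert/1812709_attacker.club.pem;
    ssl_certificate_key /usr/local/nginx/conf/cert/1812709_attacker.club.key;
    # Set the protocol list explicitly: older nginx defaults still allow
    # TLS 1.0/1.1. TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+;
    # drop it on older builds.
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Static files, cached by the browser. A bare number is in seconds.
    # NOTE(review): 6 seconds is very short for a browser cache. Confirm the
    # intended unit.
    # NOTE(review): the prefix "/static" also matches paths such as
    # "/staticfoo" under the root directory; "/static/" would be stricter.
    location /static {
        expires 6;
    }

    # Crawler rules.
    location /robots.txt {
        alias /www/robots.txt;
    }

    # Dynamic content
    location / {
        proxy_pass http://127.0.0.1:9001;
        # proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend must not trust the leftmost entries.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Overwrite any client-supplied X-Forwarded-Proto so the backend sees
        # the real scheme. This matters if the application trusts the header
        # to decide whether a request arrived over HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
    }

    # Per-site access log.
    access_log /usr/local/nginx/logs/attacker.log;
}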