一、生成nginx免费SSL证书
我的nginx是用docker运行的,首先下载nginx的镜像。
docker pull nginx
home目录下创建nginx文件夹,放置nginx配置文件。
nginx文件夹下创建cert目录,放置证书。
证书生成命令:
openssl req -new -x509 -nodes -days 3650 -out server.crt -keyout server.key
执行命令后生成了证书文件如下:
二、应用配置https
user root;
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log /var/log/nginx/error.log info;
pid /run/nginx.pid;
events {
use epoll;
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
log_format log_access '$remote_addr - $remote_user [$time_local] "$request" $http_host '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'"$upstream_addr" "$upstream_status" $upstream_cache_status "$upstream_http_content_type" "$upstream_response_time" > $request_time ' ;
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_body_timeout 20;
client_header_timeout 20;
keepalive_timeout 3000;
send_timeout 20;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml application/javascript application/octet-stream;
gzip_vary on;
server{
listen 443 ssl;
server_name 192.168.1.121;
ssl_certificate /home/nginx/cert/server.crt;
ssl_certificate_key /home/nginx/cert/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
server_tokens off;
keepalive_timeout 70;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /acsd {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.1.121:8080/;
client_max_body_size 10m;
}
location /acsd-web {
alias /home/acsd-front/dist/;
index index.html index.htm;
try_files $uri $uri/ /index.html =404;
}
location /static {
root /home/acsd-front/dist;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 8089;
server_name localhost 192.168.1.121;
rewrite ^(.*)$ https://$host$1 permanent;
}
}
三、启动docker容器
docker run --name nginx -p 8089:8089 -p 443:443 -d -v /home/nginx/nginx.conf:/etc/nginx/nginx.conf -v /home:/home nginx
四、测试
五、证书有效期