Nginx通过OpenSSL配置Https及二级虚拟目录
1、创建私钥秘钥和证书
<span class="token function">mkdir</span> -p /usr/local/nginx/conf/ssl/ <span class="token builtin class-name">cd</span> /usr/local/nginx/conf/ssl/ openssl genrsa -des3 -out server.key <span class="token number">1024</span> openssl req -new -key server.key -out server.csr openssl x509 -req -days <span class="token number">365</span> -in server.csr -signkey server.key -out server.crt<span class="token function">mkdir</span> -p /usr/local/nginx/conf/ssl/ <span class="token builtin class-name">cd</span> /usr/local/nginx/conf/ssl/ openssl genrsa -des3 -out server.key <span class="token number">1024</span> openssl req -new -key server.key -out server.csr openssl x509 -req -days <span class="token number">365</span> -in server.csr -signkey server.key -out server.crtmkdir -p /usr/local/nginx/conf/ssl/ cd /usr/local/nginx/conf/ssl/ openssl genrsa -des3 -out server.key 1024 openssl req -new -key server.key -out server.csr openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
2、报错处理:密码错误
SSL_CTX_use_PrivateKey_file("/etc/nginx/key/server.key") failed (SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting password error:0906A068:PEM routines:PEM_do_header:bad password read error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)SSL_CTX_use_PrivateKey_file("/etc/nginx/key/server.key") failed (SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting password error:0906A068:PEM routines:PEM_do_header:bad password read error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)SSL_CTX_use_PrivateKey_file("/etc/nginx/key/server.key") failed (SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting password error:0906A068:PEM routines:PEM_do_header:bad password read error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
# 输入一次私钥的密码 openssl rsa -in server.key -out unserver.key cp unserver.key server.key # 重启nginx# 输入一次私钥的密码 openssl rsa -in server.key -out unserver.key cp unserver.key server.key # 重启nginx# 输入一次私钥的密码 openssl rsa -in server.key -out unserver.key cp unserver.key server.key # 重启nginx
3、配置Nginx
server <span class="token punctuation">{<!-- --></span> listen <span class="token number">443</span> ssl<span class="token punctuation">;</span> server_name localhost<span class="token punctuation">;</span> ssl on<span class="token punctuation">;</span> ssl_certificate /usr/local/nginx/conf/ssl/server.crt<span class="token punctuation">;</span> ssl_certificate_key /usr/local/nginx/conf/ssl/server.key<span class="token punctuation">;</span> ssl_session_timeout 5m<span class="token punctuation">;</span> ssl_ciphers HIGH:<span class="token operator">!</span>aNULL:<span class="token operator">!</span>MD5<span class="token punctuation">;</span> ssl_prefer_server_ciphers on<span class="token punctuation">;</span> location / <span class="token punctuation">{<!-- --></span> root /www<span class="token punctuation">;</span> index index.html index.htm<span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span>server <span class="token punctuation">{<!-- --></span> listen <span class="token number">443</span> ssl<span class="token punctuation">;</span> server_name localhost<span class="token punctuation">;</span> ssl on<span class="token punctuation">;</span> ssl_certificate /usr/local/nginx/conf/ssl/server.crt<span class="token punctuation">;</span> ssl_certificate_key /usr/local/nginx/conf/ssl/server.key<span class="token punctuation">;</span> ssl_session_timeout 5m<span class="token punctuation">;</span> ssl_ciphers HIGH:<span class="token operator">!</span>aNULL:<span class="token operator">!</span>MD5<span class="token punctuation">;</span> ssl_prefer_server_ciphers on<span class="token punctuation">;</span> location / <span class="token punctuation">{<!-- --></span> root /www<span class="token punctuation">;</span> index index.html index.htm<span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span>server { listen 443 ssl; server_name localhost; ssl on; ssl_certificate /usr/local/nginx/conf/ssl/server.crt; ssl_certificate_key /usr/local/nginx/conf/ssl/server.key; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root /www; index index.html index.htm; } }
会出现隐私设置错误,继续访问就可以
server <span class="token punctuation">{<!-- --></span> listen <span class="token number">80</span><span class="token punctuation">;</span> server_name localhost<span class="token punctuation">;</span> location / <span class="token punctuation">{<!-- --></span> root /www<span class="token punctuation">;</span> index index.html index.htm<span class="token punctuation">;</span> <span class="token punctuation">}</span> location /data/ <span class="token punctuation">{<!-- --></span> proxy_pass http://127.0.0.1:5003/<span class="token punctuation">;</span> proxy_set_header Host <span class="token variable">$host</span><span class="token punctuation">;</span> proxy_set_header X-Forwarded-For <span class="token variable">$proxy_add_x_forwarded_for</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span>server <span class="token punctuation">{<!-- --></span> listen <span class="token number">80</span><span class="token punctuation">;</span> server_name localhost<span class="token punctuation">;</span> location / <span class="token punctuation">{<!-- --></span> root /www<span class="token punctuation">;</span> index index.html index.htm<span class="token punctuation">;</span> <span class="token punctuation">}</span> location /data/ <span class="token punctuation">{<!-- --></span> proxy_pass http://127.0.0.1:5003/<span class="token punctuation">;</span> proxy_set_header Host <span class="token variable">$host</span><span class="token punctuation">;</span> proxy_set_header X-Forwarded-For <span class="token variable">$proxy_add_x_forwarded_for</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span>server { listen 80; server_name localhost; location / { root /www; index index.html index.htm; } location /data/ { proxy_pass http://127.0.0.1:5003/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
5、报错:nginx:[emerg]unknown directive “ssl”
yum -y <span class="token function">install</span> openssl openssl-devel ./configure --with-http_ssl_module <span class="token function">make</span> <span class="token function">cp</span> /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak <span class="token function">cp</span> objs/nginx /usr/local/nginx/sbin/nginx nginx -t nginx -s reloadyum -y <span class="token function">install</span> openssl openssl-devel ./configure --with-http_ssl_module <span class="token function">make</span> <span class="token function">cp</span> /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak <span class="token function">cp</span> objs/nginx /usr/local/nginx/sbin/nginx nginx -t nginx -s reloadyum -y install openssl openssl-devel ./configure --with-http_ssl_module make cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak cp objs/nginx /usr/local/nginx/sbin/nginx nginx -t nginx -s reload
6、js后加?v=版本号 可以起到刷新缓存的作用
例如:
https://localhost/static/main.js?v=20191227https://localhost/static/main.js?v=20191227https://localhost/static/main.js?v=20191227
每次更新的时候修改版本号,通知浏览器获取新的文件
修改DNS映射
<span class="token function">vim</span> /etc/hosts <span class="token number">127.0</span>.0.1 www.mysite.com<span class="token function">vim</span> /etc/hosts <span class="token number">127.0</span>.0.1 www.mysite.comvim /etc/hosts 127.0.0.1 www.mysite.com
部署HTTP
vim www.mysite.com.conf
server <span class="token punctuation">{<!-- --></span> listen <span class="token number">80</span><span class="token punctuation">;</span> server_name www.mysite.com<span class="token punctuation">;</span> root /Users/workspace/www/www.mysite.com<span class="token punctuation">;</span> location / <span class="token punctuation">{<!-- --></span> index index.html<span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span>server <span class="token punctuation">{<!-- --></span> listen <span class="token number">80</span><span class="token punctuation">;</span> server_name www.mysite.com<span class="token punctuation">;</span> root /Users/workspace/www/www.mysite.com<span class="token punctuation">;</span> location / <span class="token punctuation">{<!-- --></span> index index.html<span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span>server { listen 80; server_name www.mysite.com; root /Users/workspace/www/www.mysite.com; location / { index index.html; } }
升级为HTTPS
vim www.mysite.com.conf
server <span class="token punctuation">{<!-- --></span> listen <span class="token number">443</span> ssl<span class="token punctuation">;</span> server_name www.mysite.com<span class="token punctuation">;</span> ssl_certificate /usr/local/etc/nginx/ssl/server.crt<span class="token punctuation">;</span> ssl_certificate_key /usr/local/etc/nginx/ssl/server.key<span class="token punctuation">;</span> root /Users/workspace/www/www.mysite.com<span class="token punctuation">;</span> location / <span class="token punctuation">{<!-- --></span> index index.html<span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span>server <span class="token punctuation">{<!-- --></span> listen <span class="token number">443</span> ssl<span class="token punctuation">;</span> server_name www.mysite.com<span class="token punctuation">;</span> ssl_certificate /usr/local/etc/nginx/ssl/server.crt<span class="token punctuation">;</span> ssl_certificate_key /usr/local/etc/nginx/ssl/server.key<span class="token punctuation">;</span> root /Users/workspace/www/www.mysite.com<span class="token punctuation">;</span> location / <span class="token punctuation">{<!-- --></span> index index.html<span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span>server { listen 443 ssl; server_name www.mysite.com; ssl_certificate /usr/local/etc/nginx/ssl/server.crt; ssl_certificate_key /usr/local/etc/nginx/ssl/server.key; root /Users/workspace/www/www.mysite.com; location / { index index.html; } }
问题:
输入nginx -t,提示要求输入密码
Enter PEM pass phrase
可以生成一个key来替代密码输入
openssl rsa -in server.key -out server.key.unsecureopenssl rsa -in server.key -out server.key.unsecureopenssl rsa -in server.key -out server.key.unsecure
修改配置
# ssl_certificate_key /usr/local/etc/nginx/ssl/server.key; ssl_certificate_key /usr/local/etc/nginx/ssl/server.key.unsecure;# ssl_certificate_key /usr/local/etc/nginx/ssl/server.key; ssl_certificate_key /usr/local/etc/nginx/ssl/server.key.unsecure;# ssl_certificate_key /usr/local/etc/nginx/ssl/server.key; ssl_certificate_key /usr/local/etc/nginx/ssl/server.key.unsecure;
此时,文件夹下应该有4个文件
<span class="token function">ls</span> server.crt server.key server.csr server.key.unsecure<span class="token function">ls</span> server.crt server.key server.csr server.key.unsecurels server.crt server.key server.csr server.key.unsecure
原文链接:https://blog.csdn.net/mouday/article/details/103755523
© 版权声明
声明📢本站内容均来自互联网,归原创作者所有,如有侵权必删除。
本站文章皆由CC-4.0协议发布,如无来源则为原创,转载请注明出处。
THE END
