Nginx通过OpenSSL创建自签名证书配置HTTPS及二级目录

Nginx通过OpenSSL配置Https及二级虚拟目录

1、创建私钥秘钥和证书

mkdir -p /usr/local/nginx/conf/ssl/ cd /usr/local/nginx/conf/ssl/  openssl genrsa -des3 -out server.key 1024  openssl req -new -key server.key -out server.csr  openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt 

2、报错处理：密码错误

SSL_CTX_use_PrivateKey_file("/etc/nginx/key/server.key") failed (SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting password error:0906A068:PEM routines:PEM_do_header:bad password read error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib) 

# 输入一次私钥的密码 openssl rsa -in server.key -out unserver.key cp unserver.key server.key # 重启nginx 

3、配置Nginx

server { listen 443 ssl; server_name localhost; ssl on; ssl_certificate /usr/local/nginx/conf/ssl/server.crt; ssl_certificate_key /usr/local/nginx/conf/ssl/server.key; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on;  location / { root /www; index index.html index.htm; } } 

会出现隐私设置错误，继续访问就可以

server { listen 80; server_name localhost;  location / { root /www; index index.html index.htm; }     location /data/ { proxy_pass http://127.0.0.1:5003/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } 

5、报错：nginx:[emerg]unknown directive “ssl”

 yum -y install openssl openssl-devel ./configure --with-http_ssl_module  make  cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak  cp objs/nginx /usr/local/nginx/sbin/nginx  nginx -t nginx -s reload 

6、js后加?v=版本号 可以起到刷新缓存的作用

例如：

https://localhost/static/main.js?v=20191227 

每次更新的时候修改版本号，通知浏览器获取新的文件

修改DNS映射

vim /etc/hosts 127.0.0.1 www.mysite.com 

部署HTTP

vim www.mysite.com.conf

server { listen 80; server_name www.mysite.com; root /Users/workspace/www/www.mysite.com; location / { index index.html; } } 

升级为HTTPS

vim www.mysite.com.conf

server { listen 443 ssl; server_name www.mysite.com; ssl_certificate /usr/local/etc/nginx/ssl/server.crt; ssl_certificate_key /usr/local/etc/nginx/ssl/server.key; root /Users/workspace/www/www.mysite.com; location / { index index.html; } } 

问题：

输入nginx -t，提示要求输入密码

Enter PEM pass phrase

可以生成一个key来替代密码输入

openssl rsa -in server.key -out server.key.unsecure 

修改配置

# ssl_certificate_key /usr/local/etc/nginx/ssl/server.key; ssl_certificate_key /usr/local/etc/nginx/ssl/server.key.unsecure; 

此时，文件夹下应该有4个文件

ls server.crt server.key server.csr server.key.unsecure 

原文链接：https://blog.csdn.net/mouday/article/details/103755523