当前位置:
  1. 首页
  2. nginx
  3. 正文
本文介绍: nginx

作用:SSL证书卸载

1、制作证书

openssl genrsades3 –out server.key 2048
openssl reqnewkey server.key –out server.csr
openssl rsain server.key –out server.key
openssl x509 –reqdays 3650 –in server.csrsignkey server.key –out server.crt

放在指定目录比如 /usr/local/cert

TODO 其他证书制作方式

2、配置nginx https证书

nginx.conf文件,注意proxy_pass后面的斜杠,加和不加效果不一样

    server {
        listen 443 ssl;
        server_name  localhost;

        ssl_certificate /usr/local/cert/server.crt;
        ssl_certificate_key /usr/local/cert/server.key;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSV1.1 TLSV1.2 SSLv2 SSLv3;
        ssl_prefer_server_ciphers on;
        
        location /test1 {
            proxy_pass http://192.168.137.201:8081/;
        }
        
        location /test2 {
            proxy_pass http://192.168.137.201:8082/;
        }
        
    }

3、配置nginx wss证书

http://nginx.org/en/docs/http/websocket.html

ws:8050 -> 8060

    server {
        listen 8050;
        server_name localhost;
        location / {
            proxy_pass http://172.16.1.127:8060/;
            proxy_http_version 1.1;
            proxy_read_timeout 3600s;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
    }

wss:8450 -> 8460   证书https的一样

map $http_upgrade $connection_upgrade {
    default upgrade;
    ” close;
}

    server {
        listen 8450 ssl;
        server_name localhost;

        ssl_certificate /usr/local/cert/server.crt;
        ssl_certificate_key /usr/local/cert/server.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://172.16.1.127:8460/;
            proxy_http_version 1.1;
            proxy_read_timeout 3600s;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
    }

可以使用wscat测试

显示所有内容
上一篇 Nginx详解 五:反向代理
下一篇 关于若依框架发布服务器,点击刷新、退出报404和nginx欢迎页面问题解决

相关文章

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注

插入图片
浏览器会保存昵称、邮箱和网站cookies信息,下次评论时使用。