1、制作证书
openssl genrsa –des3 –out server.key 2048
openssl req –new –key server.key –out server.csr
openssl rsa –in server.key –out server.key
openssl x509 –req –days 3650 –in server.csr –signkey server.key –out server.crt
2、配置nginx https证书
nginx.conf文件,注意proxy_pass后面的斜杠,加和不加效果不一样
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /usr/local/cert/server.crt;
ssl_certificate_key /usr/local/cert/server.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSV1.1 TLSV1.2 SSLv2 SSLv3;
ssl_prefer_server_ciphers on;
location /test1 {
proxy_pass http://192.168.137.201:8081/;
}
location /test2 {
proxy_pass http://192.168.137.201:8082/;
}
}
3、配置nginx wss证书
http://nginx.org/en/docs/http/websocket.html
server {
listen 8050;
server_name localhost;
location / {
proxy_pass http://172.16.1.127:8060/;
proxy_http_version 1.1;
proxy_read_timeout 3600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
wss:8450 -> 8460 证书和https的一样
map $http_upgrade $connection_upgrade {
default upgrade;
” close;
}
server {
listen 8450 ssl;
server_name localhost;
ssl_certificate /usr/local/cert/server.crt;
ssl_certificate_key /usr/local/cert/server.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://172.16.1.127:8460/;
proxy_http_version 1.1;
proxy_read_timeout 3600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
原文地址:https://blog.csdn.net/yhtppp/article/details/130631340
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。
如若转载,请注明出处:http://www.7code.cn/show_14427.html
如若内容造成侵权/违法违规/事实不符,请联系代码007邮箱:suwngjj01@126.com进行投诉反馈,一经查实,立即删除!
