mkdir /usr/local/openresty/nginx/conf/ssl
cd /usr/local/openresty/nginx/conf/ssl
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr -subj "/C=CN/ST=Gd/L=SZ/O=od.com/CN=harbor.od.com"
openssl x509 -req -in server.csr -out server.crt -signkey server.key -days 3650
服務一:靜態站點
mkdir /var/www/html -p
echo 80 >/var/www/html/index.html
服務二:反向代理站點
python3 -m http.server &
-
場景1
# /usr/local/openresty/nginx/conf/ssl.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; server { listen 80; server_name harbor.od.com; return 301 https:$server_name$request_uri; } server { listen 443 ssl; server_name harbor.od.com; root /var/www/html; ssl_certificate ssl/server.crt; ssl_certificate_key ssl/server.key; } }
/usr/local/openresty/nginx/sbin/nginx -c /usr/local/openresty/nginx/conf/ssl.conf -t
-
場景2
# /usr/local/openresty/nginx/conf/ssl.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; server { listen 80; server_name harbor.od.com; return 301 https:$server_name$request_uri; } server { listen 443 ssl; server_name harbor.od.com; root /var/www/html; ssl_certificate ssl/server.crt; ssl_certificate_key ssl/server.key; } server { listen 8080; server_name harbor.od.com; return 301 https:$server_name:1443$request_uri; } server { listen 1443 ssl; server_name harbor.od.com; ssl_certificate ssl/server.crt; ssl_certificate_key ssl/server.key; location / { proxy_pass http://127.0.0.1:8000; } } }
-
場景3
# /usr/local/openresty/nginx/conf/ssl.conf worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; server { listen 80; server_name harbor.od.com; return 301 https:$server_name$request_uri; } server { listen 443 ssl; server_name harbor.od.com; ssl_certificate ssl/server.crt; ssl_certificate_key ssl/server.key; location / { root /var/www/html; } location /api { proxy_pass http://127.0.0.1:8000; } } }
免費的ssl證書 https://linuxiac.com/zerossl-how-to-install-ssl-certificate/