ssl

mingtian是吧發表於2024-04-29
mkdir /usr/local/openresty/nginx/conf/ssl 
cd /usr/local/openresty/nginx/conf/ssl 
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr -subj "/C=CN/ST=Gd/L=SZ/O=od.com/CN=harbor.od.com"
openssl x509 -req -in server.csr -out server.crt -signkey server.key -days 3650

服務一:靜態站點

mkdir /var/www/html -p
echo 80 >/var/www/html/index.html

服務二:反向代理站點

python3 -m http.server &
  • 場景1

    # /usr/local/openresty/nginx/conf/ssl.conf
    worker_processes  1;
    
    events {
        worker_connections  1024;
    }
    
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
        
        server {
            listen 80;
            server_name harbor.od.com;
            return 301 https:$server_name$request_uri;
        }
    
        server {
            listen 443 ssl;
            server_name harbor.od.com;
            root /var/www/html;
    
            ssl_certificate ssl/server.crt;
            ssl_certificate_key ssl/server.key;
        }
    }
    
    /usr/local/openresty/nginx/sbin/nginx -c /usr/local/openresty/nginx/conf/ssl.conf -t 
    
  • 場景2

    # /usr/local/openresty/nginx/conf/ssl.conf
    worker_processes  1;
    
    events {
        worker_connections  1024;
    }
    
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
        
        server {
            listen 80;
            server_name harbor.od.com;
            return 301 https:$server_name$request_uri;
        }
    
        server {
            listen 443 ssl;
            server_name harbor.od.com;
            root /var/www/html;
    
            ssl_certificate ssl/server.crt;
            ssl_certificate_key ssl/server.key;
        }
        server {
            listen 8080;
            server_name harbor.od.com;
            return 301 https:$server_name:1443$request_uri;
        }
    
        server {
            listen 1443 ssl;
            server_name harbor.od.com;
    
            ssl_certificate ssl/server.crt;
            ssl_certificate_key ssl/server.key;
            location / {
            	proxy_pass http://127.0.0.1:8000;
            }
        }
    }
    
  • 場景3

    # /usr/local/openresty/nginx/conf/ssl.conf
    worker_processes  1;
    
    events {
        worker_connections  1024;
    }
    
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
        
        server {
            listen 80;
            server_name harbor.od.com;
            return 301 https:$server_name$request_uri;
        }
    
        server {
            listen 443 ssl;
            server_name harbor.od.com;
    
    
            ssl_certificate ssl/server.crt;
            ssl_certificate_key ssl/server.key;
            location / {
            	root /var/www/html;
            }
    		location /api {
            	proxy_pass http://127.0.0.1:8000;
            }
        }
    }
    

免費的ssl證書 https://linuxiac.com/zerossl-how-to-install-ssl-certificate/

相關文章