nginx使用ssl模組配置HTTPS支援
一:生成證照
$ cd /usr/local/nginx/conf
建立伺服器私鑰,命令會讓你輸入一個口令(注意:下面命令中的1024位元RSA金鑰長度以現今標準已不足,正式環境一般至少使用2048位元):
$ openssl genrsa -des3 -out server.key 1024
建立簽名請求的證照(CSR):
$ openssl req -new -key server.key -out server.csr
為了讓啟用SSL的Nginx載入上述私鑰時不必輸入口令,移除私鑰上的口令(移除後私鑰以明文存放,server.key與備份server.key.org都應限制為僅管理員可讀):
$ cp server.key server.key.org
$ openssl rsa -in server.key.org -out server.key
二: 配置nginx
最後使用上述私鑰和CSR簽署證照(這是自簽名證照,用戶端預設不會信任,需將server.crt匯入用戶端的信任庫):
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
修改Nginx配置檔案,讓其包含新簽署的證照和私鑰:
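server {
    server_name localhost;
    # The "ssl" parameter on listen enables TLS for this socket. It replaces the
    # separate "ssl on;" directive, which newer nginx releases no longer accept.
    listen 443 ssl;
    # Self-signed certificate and the passphrase-free private key created above.
    # The key file should not be readable by other users on the host.
    ssl_certificate /usr/local/nginx/conf/server.crt;
    ssl_certificate_key /usr/local/nginx/conf/server.key;
}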
重啟nginx。
另外還可以加入如下程式碼實現80埠重定向到443
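server {
    listen 80;
    server_name ww.centos.bz;
    # The redirect target was missing, so "permanent" was being read as the
    # replacement string. Send every request to the same path over HTTPS, taking
    # the host from the configured server_name rather than the client's Host header.
    rewrite ^(.*) https://$server_name$1 permanent;
}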
三: Apache HttpClient模擬https呼叫
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.PoolingClientConnectionManager;
import org.apache.log4j.Logger;
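/**
 * Builds HttpClient instances that can talk both http and https.
 *
 * <p>Security: the https scheme validates the server certificate chain against the
 * JVM's default trust material and checks that the certificate matches the host
 * name. A trust manager whose check methods are empty, combined with
 * ALLOW_ALL_HOSTNAME_VERIFIER, accepts any certificate from any host, so anyone on
 * the network path can read and alter the traffic. To call a server that presents
 * the self-signed server.crt, import that certificate into a trust store (for
 * example with keytool -importcert) and start the JVM with
 * -Djavax.net.ssl.trustStore pointing at it, rather than switching validation off.
 */
public class SSLHttpClientFactory {
    private static Logger logger = Logger.getLogger(SSLHttpClientFactory.class);

    /**
     * Returns a client that supports both http and https, reusing the parameters
     * of the client passed in.
     *
     * @param httpClient client whose parameters are copied to the new client
     * @return a new client backed by a pooling connection manager; if construction
     *         fails, the failure is logged and the client passed in is returned
     */
    public static HttpClient wrapClient(HttpClient httpClient) {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            // Passing null trust managers makes JSSE install its default ones,
            // which verify the server's certificate chain.
            ctx.init(null, null, null);
            // Host name must match the certificate; do not use ALLOW_ALL here.
            SSLSocketFactory ssf = new SSLSocketFactory(ctx,
                    SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
            SchemeRegistry registry = new SchemeRegistry();
            registry.register(new Scheme("https", 443, ssf));
            registry.register(new Scheme("http", 80, PlainSocketFactory
                    .getSocketFactory()));
            ClientConnectionManager mgr = new PoolingClientConnectionManager(
                    registry);
            return new DefaultHttpClient(mgr, httpClient.getParams());
        } catch (Exception e) {
            logger.error("封裝https client異常", e);
            return httpClient;
        }
    }
}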
=====================================================================
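/**
 * Posts a JSON body to the given URL and returns the response body as text.
 *
 * @param url         request address
 * @param jsonRequest JSON text sent as the request body
 * @return the response body (decompressed when the server answers with gzip), or
 *         {@code null} when the status code is not 200
 * @throws Exception if the request cannot be executed or the response cannot be read
 */
public static String sendJsonRequest(String url, String jsonRequest)
        throws Exception {
    logger.info("請求URL:" + url);
    // NOTE(review): the whole request body is written to the log at INFO level;
    // confirm it never carries credentials or personal data.
    logger.info("請求引數:" + jsonRequest);
    String jsonResponse = null;
    httpClient = new DefaultHttpClient();
    httpClient = SSLHttpClientFactory.wrapClient(httpClient);
    postMethod = new HttpPost(url);
    StringEntity entity = new StringEntity(jsonRequest, "UTF-8");
    // NOTE(review): Content-Encoding names a compression coding, not a charset, so
    // sending "UTF-8" here looks unintended; confirm the server does not rely on it
    // before removing this header.
    entity.setContentEncoding(new BasicHeader(HTTP.CONTENT_ENCODING,
            Consts.UTF_8.toString()));
    entity.setContentType(new BasicHeader(HTTP.CONTENT_TYPE,
            "application/json;charset=UTF-8"));
    postMethod.setEntity(entity);
    postMethod.getParams().setParameter(
            CoreProtocolPNames.USER_AGENT,
            System.getProperty("os.name") + "(version "
                    + System.getProperty("os.version") + " "
                    + System.getProperty("os.arch") + ") "
                    + System.getProperty("user.language"));
    // Tell the server the response may be compressed. Only gzip is decoded below;
    // a deflate-encoded reply would be returned still compressed.
    postMethod.setHeader("Accept-Encoding", "gzip, deflate");
    try {
        // Send the request
        startTime = System.currentTimeMillis();
        HttpResponse response = httpClient.execute(postMethod);
        int status = response.getStatusLine().getStatusCode();
        logger.info("status:" + status);
        // Read the response body
        if (HttpStatus.SC_OK == status) {
            HttpEntity httpEntity = response.getEntity();
            String encoding = response.getFirstHeader("Content-Encoding") == null
                    ? null
                    : response.getFirstHeader("Content-Encoding").getValue();
            // Locale.ROOT keeps the comparison independent of the default locale.
            if (encoding != null
                    && encoding.toLowerCase(java.util.Locale.ROOT).contains("gzip")) {
                jsonResponse = dealGzipResponse(response);
            } else {
                // JSON is UTF-8 unless the response declares another charset.
                jsonResponse = EntityUtils.toString(httpEntity, "UTF-8");
            }
        }
        endTime = System.currentTimeMillis();
        // jsonResponse stays null for a non-200 status; skip the size log instead
        // of failing with a NullPointerException.
        if (jsonResponse != null) {
            logger.info("返回結果size:" + jsonResponse.length());
        }
        // The decrypted body is deliberately not logged: that required a 3DES key
        // embedded in the source and wrote plaintext into the log file. Load such
        // a key from protected configuration, and treat any key that has appeared
        // in source code as exposed.
        logger.info("本次請求花費時間:" + (endTime - startTime) + "ms");
        return jsonResponse;
    } finally {
        // Hand the connection back even when the body was not read or an
        // exception was thrown.
        postMethod.releaseConnection();
    }
}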
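/**
 * Reads a gzip-compressed response body and returns it as UTF-8 text.
 *
 * <p>The body is read line by line, so line terminators are not part of the result.
 *
 * @param response response whose entity content is gzip-compressed
 * @return the decompressed body with line breaks removed
 * @throws IOException if the content cannot be read or is not valid gzip data
 */
public static String dealGzipResponse(HttpResponse response) throws IOException
{
    logger.info("=======解析gzip返回結果==========");
    InputStream is = response.getEntity().getContent();
    java.io.BufferedReader br = null;
    try {
        br = new java.io.BufferedReader(
                new InputStreamReader(new GZIPInputStream(is), "UTF-8"));
        // NOTE(review): the decompressed size is unbounded, so a small compressed
        // body can expand until memory runs out; consider capping what is read.
        StringBuilder sb = new StringBuilder();
        String line;
        while ((line = br.readLine()) != null) {
            sb.append(line);
        }
        return sb.toString();
    } finally {
        // Closing the reader closes the whole stream chain. If the gzip header
        // was rejected the reader was never built, so close the raw stream.
        if (br != null) {
            br.close();
        } else {
            is.close();
        }
    }
}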
$ cd /usr/local/nginx/conf
建立伺服器私鑰,命令會讓你輸入一個口令(注意:下面命令中的1024位元RSA金鑰長度以現今標準已不足,正式環境一般至少使用2048位元):
$ openssl genrsa -des3 -out server.key 1024
建立簽名請求的證照(CSR):
$ openssl req -new -key server.key -out server.csr
為了讓啟用SSL的Nginx載入上述私鑰時不必輸入口令,移除私鑰上的口令(移除後私鑰以明文存放,server.key與備份server.key.org都應限制為僅管理員可讀):
$ cp server.key server.key.org
$ openssl rsa -in server.key.org -out server.key
二: 配置nginx
最後使用上述私鑰和CSR簽署證照(這是自簽名證照,用戶端預設不會信任,需將server.crt匯入用戶端的信任庫):
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
修改Nginx配置檔案,讓其包含新簽署的證照和私鑰:
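server {
    server_name localhost;
    # The "ssl" parameter on listen enables TLS for this socket. It replaces the
    # separate "ssl on;" directive, which newer nginx releases no longer accept.
    listen 443 ssl;
    # Self-signed certificate and the passphrase-free private key created above.
    # The key file should not be readable by other users on the host.
    ssl_certificate /usr/local/nginx/conf/server.crt;
    ssl_certificate_key /usr/local/nginx/conf/server.key;
}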
重啟nginx。
另外還可以加入如下程式碼實現80埠重定向到443
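server {
    listen 80;
    server_name ww.centos.bz;
    # The redirect target was missing, so "permanent" was being read as the
    # replacement string. Send every request to the same path over HTTPS, taking
    # the host from the configured server_name rather than the client's Host header.
    rewrite ^(.*) https://$server_name$1 permanent;
}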
三: Apache HttpClient模擬https呼叫
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.PoolingClientConnectionManager;
import org.apache.log4j.Logger;
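/**
 * Builds HttpClient instances that can talk both http and https.
 *
 * <p>Security: the https scheme validates the server certificate chain against the
 * JVM's default trust material and checks that the certificate matches the host
 * name. A trust manager whose check methods are empty, combined with
 * ALLOW_ALL_HOSTNAME_VERIFIER, accepts any certificate from any host, so anyone on
 * the network path can read and alter the traffic. To call a server that presents
 * the self-signed server.crt, import that certificate into a trust store (for
 * example with keytool -importcert) and start the JVM with
 * -Djavax.net.ssl.trustStore pointing at it, rather than switching validation off.
 */
public class SSLHttpClientFactory {
    private static Logger logger = Logger.getLogger(SSLHttpClientFactory.class);

    /**
     * Returns a client that supports both http and https, reusing the parameters
     * of the client passed in.
     *
     * @param httpClient client whose parameters are copied to the new client
     * @return a new client backed by a pooling connection manager; if construction
     *         fails, the failure is logged and the client passed in is returned
     */
    public static HttpClient wrapClient(HttpClient httpClient) {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            // Passing null trust managers makes JSSE install its default ones,
            // which verify the server's certificate chain.
            ctx.init(null, null, null);
            // Host name must match the certificate; do not use ALLOW_ALL here.
            SSLSocketFactory ssf = new SSLSocketFactory(ctx,
                    SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
            SchemeRegistry registry = new SchemeRegistry();
            registry.register(new Scheme("https", 443, ssf));
            registry.register(new Scheme("http", 80, PlainSocketFactory
                    .getSocketFactory()));
            ClientConnectionManager mgr = new PoolingClientConnectionManager(
                    registry);
            return new DefaultHttpClient(mgr, httpClient.getParams());
        } catch (Exception e) {
            logger.error("封裝https client異常", e);
            return httpClient;
        }
    }
}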
=====================================================================
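/**
 * Posts a JSON body to the given URL and returns the response body as text.
 *
 * @param url         request address
 * @param jsonRequest JSON text sent as the request body
 * @return the response body (decompressed when the server answers with gzip), or
 *         {@code null} when the status code is not 200
 * @throws Exception if the request cannot be executed or the response cannot be read
 */
public static String sendJsonRequest(String url, String jsonRequest)
        throws Exception {
    logger.info("請求URL:" + url);
    // NOTE(review): the whole request body is written to the log at INFO level;
    // confirm it never carries credentials or personal data.
    logger.info("請求引數:" + jsonRequest);
    String jsonResponse = null;
    httpClient = new DefaultHttpClient();
    httpClient = SSLHttpClientFactory.wrapClient(httpClient);
    postMethod = new HttpPost(url);
    StringEntity entity = new StringEntity(jsonRequest, "UTF-8");
    // NOTE(review): Content-Encoding names a compression coding, not a charset, so
    // sending "UTF-8" here looks unintended; confirm the server does not rely on it
    // before removing this header.
    entity.setContentEncoding(new BasicHeader(HTTP.CONTENT_ENCODING,
            Consts.UTF_8.toString()));
    entity.setContentType(new BasicHeader(HTTP.CONTENT_TYPE,
            "application/json;charset=UTF-8"));
    postMethod.setEntity(entity);
    postMethod.getParams().setParameter(
            CoreProtocolPNames.USER_AGENT,
            System.getProperty("os.name") + "(version "
                    + System.getProperty("os.version") + " "
                    + System.getProperty("os.arch") + ") "
                    + System.getProperty("user.language"));
    // Tell the server the response may be compressed. Only gzip is decoded below;
    // a deflate-encoded reply would be returned still compressed.
    postMethod.setHeader("Accept-Encoding", "gzip, deflate");
    try {
        // Send the request
        startTime = System.currentTimeMillis();
        HttpResponse response = httpClient.execute(postMethod);
        int status = response.getStatusLine().getStatusCode();
        logger.info("status:" + status);
        // Read the response body
        if (HttpStatus.SC_OK == status) {
            HttpEntity httpEntity = response.getEntity();
            String encoding = response.getFirstHeader("Content-Encoding") == null
                    ? null
                    : response.getFirstHeader("Content-Encoding").getValue();
            // Locale.ROOT keeps the comparison independent of the default locale.
            if (encoding != null
                    && encoding.toLowerCase(java.util.Locale.ROOT).contains("gzip")) {
                jsonResponse = dealGzipResponse(response);
            } else {
                // JSON is UTF-8 unless the response declares another charset.
                jsonResponse = EntityUtils.toString(httpEntity, "UTF-8");
            }
        }
        endTime = System.currentTimeMillis();
        // jsonResponse stays null for a non-200 status; skip the size log instead
        // of failing with a NullPointerException.
        if (jsonResponse != null) {
            logger.info("返回結果size:" + jsonResponse.length());
        }
        // The decrypted body is deliberately not logged: that required a 3DES key
        // embedded in the source and wrote plaintext into the log file. Load such
        // a key from protected configuration, and treat any key that has appeared
        // in source code as exposed.
        logger.info("本次請求花費時間:" + (endTime - startTime) + "ms");
        return jsonResponse;
    } finally {
        // Hand the connection back even when the body was not read or an
        // exception was thrown.
        postMethod.releaseConnection();
    }
}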
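/**
 * Reads a gzip-compressed response body and returns it as UTF-8 text.
 *
 * <p>The body is read line by line, so line terminators are not part of the result.
 *
 * @param response response whose entity content is gzip-compressed
 * @return the decompressed body with line breaks removed
 * @throws IOException if the content cannot be read or is not valid gzip data
 */
public static String dealGzipResponse(HttpResponse response) throws IOException
{
    logger.info("=======解析gzip返回結果==========");
    InputStream is = response.getEntity().getContent();
    java.io.BufferedReader br = null;
    try {
        br = new java.io.BufferedReader(
                new InputStreamReader(new GZIPInputStream(is), "UTF-8"));
        // NOTE(review): the decompressed size is unbounded, so a small compressed
        // body can expand until memory runs out; consider capping what is read.
        StringBuilder sb = new StringBuilder();
        String line;
        while ((line = br.readLine()) != null) {
            sb.append(line);
        }
        return sb.toString();
    } finally {
        // Closing the reader closes the whole stream chain. If the gzip header
        // was rejected the reader was never built, so close the raw stream.
        if (br != null) {
            br.close();
        } else {
            is.close();
        }
    }
}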
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/28624388/viewspace-1464716/,如需轉載,請註明出處,否則將追究法律責任。