windows生成ssl证书,实现本地https访问
下载openssl下载地址https://slproweb.com/products/Win32OpenSSL.html安装openssl配置环境变量将openssl的bin目录配置到path中生成私钥文件openssl genrsa -des3 -out localhost.key 2048去除口令,否则启动nginx时需要密码move server.key localhost.key.bako
·
下载openssl
下载地址 Win32/Win64 OpenSSL Installer for Windows - Shining Light Productions
安装openssl
配置环境变量
将openssl的bin目录配置到path中
生成私钥文件
openssl genrsa -des3 -out localhost.key 2048
去除口令,否则启动nginx时需要密码
openssl rsa -in localhost.key -out localhost.key
创建请求证书
openssl req -new -key localhost.key -out localhost.csr
生成证书
openssl x509 -req -days 36500 -in localhost.csr -signkey localhost.key -out localhost.crt
将crt和key文件复制到nginx目录下/conf/cert
修改nginx.conf文件
插入以下代码
# https默认端口是443
server {
listen 443 ssl;
server_name localhost;
# 证书路径
ssl_certificate cert/localhost.crt;
ssl_certificate_key cert/localhost.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
# 代理地址,就是实际要访问的地址
proxy_pass http://127.0.0.1:8080;
}
}
# 将http://localhost重定向到https://localhost
server {
listen 80;
listen [::]:80;
server_name localhost;
return 301 https://localhost$request_uri;
}
注意,server标签需要在http标签下
重启nginx,访问https://localhost
更多推荐
已为社区贡献1条内容
所有评论(0)