作用:SSL证书卸载
1、制作证书
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl rsa -in server.key -out server.key
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
放在指定目录,比如 /usr/local/cert
TODO 其他证书制作方式
2、配置nginx https证书
nginx.conf文件,注意proxy_pass后面的斜杠,加和不加效果不一样
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /usr/local/cert/server.crt;
ssl_certificate_key /usr/local/cert/server.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSV1.1 TLSV1.2 SSLv2 SSLv3;
ssl_prefer_server_ciphers on;
location /test1 {
proxy_pass http://192.168.137.201:8081/;
}
location /test2 {
proxy_pass http://192.168.137.201:8082/;
}
}
3、配置nginx wss证书
http://nginx.org/en/docs/http/websocket.html
ws:8050 -> 8060
server {
listen 8050;
server_name localhost;
location / {
proxy_pass http://172.16.1.127:8060/;
proxy_http_version 1.1;
proxy_read_timeout 3600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
wss:8450 -> 8460 证书和https的一样
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 8450 ssl;
server_name localhost;
ssl_certificate /usr/local/cert/server.crt;
ssl_certificate_key /usr/local/cert/server.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://172.16.1.127:8460/;
proxy_http_version 1.1;
proxy_read_timeout 3600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}文章来源:https://www.toymoban.com/news/detail-439657.html
可以使用wscat测试文章来源地址https://www.toymoban.com/news/detail-439657.html
到了这里,关于nginx: 配置https证书,wss证书的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
