Configuring SSL

For test environments (self-signed certificate).

  1. Generate the certificate
cd /etc/nginx/ssl
/usr/sbin/generate-ssl.sh
  2. Configure the SSL proxy

Create the configuration file from the example and adjust its contents; leave the SSL part unchanged.

cd /etc/nginx/conf/conf.d
cp example/ssl.conf.example ssl.conf

Sample after adjustment:

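server {
    # TLS listener on port 5443
    listen 5443 ssl;
    # Offer TLS 1.2 only
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    # Self-signed certificate and its private key
    ssl_certificate /etc/ssl/nginx.crt;
    ssl_certificate_key /etc/ssl/nginx.key;
    server_name localhost;

    location / {
        # Forward decrypted requests to the local backend
        proxy_pass http://127.0.0.1:8080;
    }
}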
  3. Check that the listener is active
[root@localhost conf.d]# ss -aln|grep 5443
tcp    LISTEN     0      128       *:5443                  *:*
  4. Reload
systemctl reload nginx
  5. Start a listener on port 8080
python -m SimpleHTTPServer 8080
  6. Open port 5443 in the firewall

  • CentOS6

iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 5443 -j ACCEPT
/etc/rc.d/init.d/iptables save
service iptables restart
  • CentOS7
firewall-cmd --zone=public --add-port=5443/tcp --permanent
firewall-cmd --reload
  7. Access port 5443 on the nginx host from a browser to verify SSL
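
A pre-reload check for the ssl.conf edited in step 2, as an added example that is not part of the original page: it flags listen directives without ssl, protocols older than TLSv1.2, missing certificate directives, unterminated directives, and a private key accessible to group or other. The function names, the finding messages and the sample config are assumptions made for illustration.

```shell
# Added example, not from the original page; helper names are hypothetical.
# Prints one finding per line for the nginx TLS config given as $1.
audit_ssl_conf() {
    conf=$1
    awk '
        { sub(/#.*/, "") }                       # drop comments
        NF == 0 { next }                         # skip blank lines
        $1 == "listen" && $0 !~ /[ \t]ssl[ \t;]/ { print "listen without ssl: " $2 }
        $1 == "ssl_protocols" {
            proto = 1
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p != "" && p != "TLSv1.2" && p != "TLSv1.3")
                    print "legacy protocol enabled: " p
            }
        }
        $1 == "ssl_certificate"     { cert = 1 }
        $1 == "ssl_certificate_key" { key = 1 }
        # Heuristic: every line should end a directive or open/close a block.
        $0 !~ /[;{}][ \t]*$/ { print "directive not terminated: " $1 }
        END {
            if (!proto) print "ssl_protocols not set"
            if (!cert)  print "ssl_certificate missing"
            if (!key)   print "ssl_certificate_key missing"
        }' "$conf"
    # The private key must not be accessible to group or other.
    key=$(awk '$1 == "ssl_certificate_key" { sub(/;$/, "", $2); print $2; exit }' "$conf")
    if [ -n "$key" ] && [ -e "$key" ]; then
        perms=$(ls -lLd "$key" | cut -c5-10)
        [ "$perms" = "------" ] || echo "private key mode too open: $key"
    fi
}
# Constructed sample: a weakened variant of the server block above
# (TLSv1 enabled, proxy_pass missing its semicolon). $1 is the key path.
write_sample_conf() {
    cat <<EOF
server {
    listen 5443 ssl;
    ssl_protocols TLSv1 TLSv1.2;
    ssl_certificate /etc/ssl/nginx.crt;
    ssl_certificate_key $1;
    location / {
        proxy_pass http://127.0.0.1:8080
    }
}
EOF
}
# Usage: sh audit.sh /etc/nginx/conf/conf.d/ssl.conf
if [ "$#" -gt 0 ]; then audit_ssl_conf "$1"; fi
```

Run `nginx -t` as well before the reload; it performs the full syntax check that the termination heuristic here only approximates.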
Copyright © weiliang-ms 2021 all right reserved, powered by Gitbook. Book published: 2024-05-30 16:49:59
