Nginx代理https功能_nginx代理ssl

1.  安装openssl：

[root@node2 ~]# yum install -y openssl

2.  生成ssl证书：

[root@node2 ~]# cd /etc/pki
 
[root@node2 pki]# mkdir nginx
 
[root@node2 pki]# cd nginx/
 
## 生成2048位的加密私钥
[root@node2 nginx]# openssl genrsa -out server.key 2048
 
## 生成证书签名请求（CSR），这里需要填写许多信息
[root@node2 nginx]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN   ## 国家代号，中国输入CN
State or Province Name (full name) []:SN  ## 省的全名，拼音，或者缩写
Locality Name (eg, city) [Default City]:XiAn  ## 市的全名，拼音
Organization Name (eg, company) [Default Company Ltd]:openlab  ##  公司英文名
Organizational Unit Name (eg, section) []:  ## 组织单位名，可以不输入
Common Name (eg, your name or your server's hostname) []:www.openlab.com  
## 服务器主机名，若填写不正确，浏览器会报告证书无效
Email Address []:admin@123.com  ## 电子邮箱，可随意填满足格式即可
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:  ## 是否要做密码保护，可以不输入
An optional company name []:  ## 可以不输入
## 查看当前目录是否生成证书
[root@node2 nginx]# ls
server.csr  server.key

3.  生成类型为X509的自签名证书，有效期设置3650天。

## 生成类型为X509的自签名证书。有效期设置3650天
[root@node2 nginx]# openssl x509 -req -days 3650 -in server.csr -signkey 
server.key -out server.crt
Signature ok
subject=/C=CN/ST=SN/L=XiAn/O=openlab/CN=www.openlab.com/emailAddress=admin@123.com
Getting Private key

 4.  配置Nginx配置文件：

[root@node2 nginx]# vim /etc/nginx/nginx.conf
 
.......
server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  _;
        root         /usr/share/nginx/html;
 
        ssl_certificate "/etc/pki/nginx/server.crt";  ## 自签名证书文件，绝对路径
        ssl_certificate_key "/etc/pki/nginx/server.key";  ## 加密私钥文件
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
 
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
 
        error_page 404 /404.html;
            location = /40x.html {
        }
 
        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
}
.......

5.  配置访问页面：

[root@node2 nginx]# cd /usr/share/nginx/html/
 
[root@node2 nginx]# mkdir bbs
 
[root@node2 nginx]# vim bbs/index.html
this bbs pages

6.  访问" https://192.168.188.12/bbs "，查看https是否配置成功：