Nginx配置https首先要获得证书和key(密钥),测试用例用java自带的keytool工具生成,由于我们证书是自己生成所以只能绑定一个域名,对于我们测试足够用了。
1 证书一般放在ngingx里的conf目录里
打开cmd命令窗口,指定使用RSA算法生成一个颁发证书的机构:
执行命令:keytool -genkey -alias haojing -keypass 123456 -keyalg RSA -keysize 1024 -validity 365 -keystore C:/JavaSoftWare/nginx-1.14.0/conf/haojing.keystore -storepass 123456
注意:目录最好不要用绝对格式,可能会有意想不到的bug
2 以上设置可以随意,只是测试用例写的有点针对性,以上命令敲完以后在你相应目录下会生成一个文件
haojing.keystore
3 我们需要的证书和密钥都在这个keystore里,接下来我们生成cer证书,还是在该目录下
执行命令:keytool -export -alias haojing -keystore C:/JavaSoftWare/nginx-1.14.0/conf/haojing.keystore -storepass 123456 -rfc -file C:/JavaSoftWare/nginx-1.14.0/conf/haojing.cer
4 证书有了,接下里我们导出密钥,由于keytool不提供命令导出密钥,所以需要编写java类,测试类如下:
public class SslKey { ???public static KeyStore getKeyStore(String keyStorePath, String password) throws Exception { ???????FileInputStream is = new FileInputStream(keyStorePath); ???????KeyStore ks = KeyStore.getInstance("JKS"); ???????ks.load(is, password.toCharArray()); ???????is.close(); ???????return ks;} ????public static PrivateKey getPrivateKey() { ???????try { ???????????BASE64Encoder encoder = new BASE64Encoder(); ???????????KeyStore ks = getKeyStore("C:/JavaSoftWare/nginx-1.14.0/conf/haojing.keystore", "123456"); ???????????PrivateKey key = (PrivateKey) ks.getKey("haojing", "123456".toCharArray()); ???????????String encoded = encoder.encode(key.getEncoded()); ???????????System.out.println("-----BEGIN RSA PRIVATE KEY-----"); ???????????System.out.println(encoded); ???????????System.out.println("-----END RSA PRIVATE KEY-----"); ???????????return key; ???????} catch (Exception e) { ???????????return null; ???????}} ????public static void main(String[] args) { ???????getPrivateKey(); ???}}5 执行完java程序控制台生成key
复制粘贴 保存文件命名为haojing,后缀为.key
6 到这一步,已经可以将cer证书(若需要crt证书,可以直接把cer证书文件的后缀改为crt即可)配置到nginx中使用。我们这边用的是crt证书,所以改下后缀
7 打开nginx的nginx.conf文件,默认配置都是把https注销的,修改如下
#HTTPS server
server {
listen 443 ssl;
server_name localhost;
ssl_certificate C:/JavaSoftWare/nginx-1.14.0/conf/haojing.crt;
ssl_certificate_key C:/JavaSoftWare/nginx-1.14.0/conf/haojing.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
8 重启nginx,访问 hppts://localhost
Nginx配置https
原文地址:https://www.cnblogs.com/hzzjj/p/9898425.html