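Configuring HTTPS access for a local Nginx

During local development you sometimes need HTTPS configured for debugging.

For example:
set up https://www.yxccan.net


The steps below use a CentOS 7 virtual machine.


Step 1: configure hosts

Open /etc/hosts and add www.yxccan.net: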

[root@localhost ~]# vi /etc/hosts
[root@localhost ~]#
127.0.0.1   www.yxccan.net localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6


Step 2: create the SSL certificate

Go to the nginx installation directory and create a cert directory:

[root@localhost ~]# cd /usr/local/app/nginx
[root@localhost nginx]# mkdir cert
[root@localhost nginx]# cd cert

Create the SSL certificate:

[root@localhost cert]# openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 365 -keyout yxccan-net.key -out yxccan-net.crt

View the contents of the SSL certificate:

[root@localhost cert]# openssl x509 -text -noout -in yxccan-net.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b0:e6:14:d0:fe:64:8a:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=XX, L=Default City, O=Default Company Ltd
        Validity
            Not Before: Jul 16 16:04:26 2022 GMT
            Not After : Jul 16 16:04:26 2023 GMT
        Subject: C=XX, L=Default City, O=Default Company Ltd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                ED:B2:60:98:C4:3D:25:01:0D:6E:DB:56:74:D7:21:84:DD:F3:A9:78
            X509v3 Authority Key Identifier: 
                keyid:ED:B2:60:98:C4:3D:25:01:0D:6E:DB:56:74:D7:21:84:DD:F3:A9:78

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
[root@localhost cert]# 


Step 3: configure nginx

server {
  listen 443 ssl;
  ssl_certificate      /usr/local/app/nginx/cert/yxccan-net.crt;
  ssl_certificate_key  /usr/local/app/nginx/cert/yxccan-net.key;
  ssl_ciphers          HIGH:!aNULL:!MD5;
  location / {
     proxy_pass  http://www.yxccan.net;
  }
  server_name www.yxccan.net;
  # rewrite ^(.*) http://$server_name$1 permanent;
}


server {
        listen       80;
        server_name  www.yxccan.net;
        root         /mnt/hgfs/hcApi/public;
        index index.php index.html index.htm;
        location / {
           try_files $uri $uri/ /index.php?$query_string;
           # try_files $uri $uri/ /index.php$is_args$query_string;
        }
        # Escape the dot so that only URIs ending in ".php" are passed to PHP-FPM
        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi.conf;
            fastcgi_param HTTPS on;
        }
}


Reload nginx with sbin/nginx -s reload:

[root@localhost nginx]# sbin/nginx -s reload
[root@localhost nginx]#


Step 4: configure Google Chrome

Enter this in the browser address bar: chrome://flags/#https-only-mode-setting


Enable "Allow invalid certificates for resources loaded from localhost."


That's it: open https://www.yxccan.net in the browser and you're done.
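
The certificate printed in step 2 has no subjectAltName and is marked CA:TRUE, while Chrome matches hostnames only against subjectAltName. The script below is an added example, not part of the original post: it generates a leaf certificate for www.yxccan.net with a matching SAN and CA:FALSE, then checks the SAN and that the key belongs to the certificate. It uses a config file rather than -addext so it does not depend on a recent OpenSSL; the function names and the temporary directory are assumptions of this example.

```shell
# Added example: self-signed dev certificate whose SAN matches the hostname.

# make_dev_cert HOST DIR: writes DIR/HOST.key and DIR/HOST.crt
make_dev_cert() (
  host=$1 dir=$2
  umask 077                      # key and config readable by owner only
  cat > "$dir/$host.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions    = v3_leaf
prompt             = no
[dn]
CN = $host
[v3_leaf]
subjectAltName   = DNS:$host
basicConstraints = critical, CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
  openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 365 \
    -config "$dir/$host.cnf" -keyout "$dir/$host.key" -out "$dir/$host.crt"
)

# cert_has_san CRT HOST: succeeds only if HOST is listed as a DNS SAN
cert_has_san() {
  openssl x509 -in "$1" -noout -text | tr ', ' '\n\n' | grep -Fxq "DNS:$2"
}

# key_matches_cert KEY CRT: succeeds only if both hold the same public key
key_matches_cert() (
  a=$(openssl pkey -in "$1" -pubout)
  b=$(openssl x509 -in "$2" -noout -pubkey)
  [ -n "$a" ] && [ "$a" = "$b" ]
)

# Demo in a throwaway directory (constructed for this example)
demo_dir=$(mktemp -d)
make_dev_cert www.yxccan.net "$demo_dir" &&
  cert_has_san "$demo_dir/www.yxccan.net.crt" www.yxccan.net &&
  key_matches_cert "$demo_dir/www.yxccan.net.key" "$demo_dir/www.yxccan.net.crt" &&
  echo "OK: SAN present and key matches certificate"
```

To use the result with the configuration in step 3, copy the generated .crt and .key into the cert directory and point ssl_certificate and ssl_certificate_key at them.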

End.