使用方法
1、安装nginx。
下载地址:https://nginx.org/en/download.html
2、安装OpenSSL。
下载地址:https://slproweb.com/products/Win32OpenSSL.html
新建环境变量 OPENSSL_HOME,值为 C:\Program Files\OpenSSL-Win64。将 %OPENSSL_HOME%\bin 添加到Path变量中。
3、生成https证书。
在nginx里新建ssl文件夹,添加文件 server.cnf。
[ req ]
default_bits = 4096
prompt = no
default_md = sha256
distinguished_name = dn
req_extensions = v3_req
[ dn ]
C=CN
ST=Shandong
L=Zibo
O=Ieslab
OU=IT
CN=Ieslab
[ v3_req ]
keyUsage = critical, cRLSign, digitalSignature, keyCertSign, keyEncipherment, dataEncipherment
extendedKeyUsage=serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = 127.0.0.1
执行以下代码生成 server.key 和 server.scr,
openssl genrsa -des3 -out server.key 1024
openssl req -new -sha256 -key server.key -out server.csr -config server.cnf -extensions v3_req
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt -extfile server.cnf -extensions v3_req
点击此处下载https证书。
将证书安装到受信任的根证书颁发机构。
4、修改nginx配置。
http {
# HTTPS server
#
server {
listen 443 ssl;
server_name localhost;
ssl_certificate ..\\ssl\\server.crt;
ssl_certificate_key ..\\ssl\\server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
location /geoserver/ {
proxy_pass http://203.93.14.234/geoserver/;
}
}
}
参考文档
参考文档:https://blog.csdn.net/m0_53151031/article/details/125497917
参考文档:https://superuser.com/questions/738612/openssl-ca-keyusage-extension