Nginx的https设置

1.生成证书文件

下载OpenSSL-Win32

#设置变量
set OPENSSL_CONF=openssl.cfg
# 生成一个RSA密钥 
openssl genrsa -des3 -out server.key 1024
# 生成一个证书请求
openssl req -new -key server.key -out server.csr
# 拷贝一个不须要输入密码的密钥文件
openssl rsa -in server.key -out server_nopwd.key
# 本身签发证书
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

# 生成一个8192位长的 SHA-256 RSA 密钥：
openssl genrsa -aes256 -out server.key 8192
# 建立自签名根 CA 证书 ca.crt；你须要为你的根 CA 提供一个身份：
openssl req -sha256 -new -x509 -days 3650 -key server.key -out server.crt
# 拷贝一个不须要输入密码的密钥文件
openssl rsa -in server.key -out server_nopwd.key
# 本身签发证书
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

2.设置Nginx

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    server {
		listen 9001;

		#server_name 192.168.1.103:8080;
		ssl on; 
		ssl_certificate server.crt; 
		ssl_certificate_key server_nopwd.key;

		location / {
			proxy_pass   http://127.0.0.1:8080;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		}
	}
}