Nginx的https設置

1.生成證書文件

下載OpenSSL-Win32

#設置變量
set OPENSSL_CONF=openssl.cfg
# 生成一個RSA密鑰 
openssl genrsa -des3 -out server.key 1024
# 生成一個證書請求
openssl req -new -key server.key -out server.csr
# 拷貝一個不須要輸入密碼的密鑰文件
openssl rsa -in server.key -out server_nopwd.key
# 本身簽發證書
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

# 生成一個8192位長的 SHA-256 RSA 密鑰：
openssl genrsa -aes256 -out server.key 8192
# 建立自簽名根 CA 證書 ca.crt；你須要爲你的根 CA 提供一個身份：
openssl req -sha256 -new -x509 -days 3650 -key server.key -out server.crt
# 拷貝一個不須要輸入密碼的密鑰文件
openssl rsa -in server.key -out server_nopwd.key
# 本身簽發證書
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

2.設置Nginx

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    server {
		listen 9001;

		#server_name 192.168.1.103:8080;
		ssl on; 
		ssl_certificate server.crt; 
		ssl_certificate_key server_nopwd.key;

		location / {
			proxy_pass   http://127.0.0.1:8080;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		}
	}
}