尊龙凯时人生就是搏

ÆÊÎöNginxµÄHTTPSÉèÖúÍÖ¤ÊéÖÎÀíʵÏÖϸ½Ú

nginxµÄhttpsÉèÖúÍÖ¤ÊéÖÎÀíʵÏÖϸ½ÚÆÊÎö

ÔÚÍøÂçÐÅÏ¢Çå¾²ÁìÓò  £¬HTTPSЭÒéÊǺÜÊÇÖ÷ÒªµÄÒ»ÖÖÇ徲ͨѶÊÖÒÕ  £¬ËüΪ»¥ÁªÍøÉϵÄÊý¾Ý´«ÊäÌṩÁËÒ»ÖÖ¼ÓÃÜ¡¢Éí·ÝÈÏÖ¤ºÍÍêÕûÐÔ±£»¤µÄ»úÖÆ ¡£NginxÊÇÒ»¸ö¸ßÐÔÄܵÄWebЧÀÍÆ÷ºÍ·´ÏòÊðÀíЧÀÍÆ÷  £¬Ëü²»µ«Ö§³ÖHTTPЭÒé  £¬»¹Ö§³ÖHTTPSЭÒé ¡£ÔÚ±¾ÎÄÖÐ  £¬ÎÒÃǽ«ÆÊÎöNginxµÄHTTPSÉèÖúÍÖ¤ÊéÖÎÀíµÄʵÏÖϸ½Ú  £¬²¢¸ø³öÏìÓ¦µÄ´úÂëʾÀý ¡£

ÌìÉúHTTPSÖ¤Êé

ҪʹÓÃHTTPSЭÒé  £¬Ê×ÏÈÐèÒªÌìÉúÒ»¶Ô¹«Ë½Ô¿ºÍÒ»¸öSSLÖ¤Êé ¡  £¿ÉÒÔʹÓÃopenssl¹¤¾ßÌìÉúÕâЩÎļþ ¡£ÒÔÏÂÊÇÒ»¸öʾÀý£º

$ openssl genrsa -out private.key 2048
$ openssl req -new -key private.key -out csr.csr
$ openssl x509 -req -days 365 -in csr.csr -signkey private.key -out certificate.crt

µÇ¼ºó¸´ÖÆ

ÔÚÉÏÊö´úÂëÖÐ  £¬private.keyÊÇÌìÉúµÄ˽ԿÎļþ  £¬csr.csrÊÇÖ¤ÊéÇëÇóÎļþ  £¬certificate.crtÊÇ×îÖÕÌìÉúµÄSSLÖ¤Êé ¡£

NginxÉèÖÃHTTPS

ÔÚNginxµÄÉèÖÃÎļþÖÐ  £¬¿ÉÒÔͨ¹ýÌí¼ÓÒÔϼ¸ÐÐÉèÖÃÀ´ÆôÓÃHTTPS£º

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
}

µÇ¼ºó¸´ÖÆ

ÉÏÊö´úÂëÖеÄlistenÖ¸Áî½ç˵Á˼àÌýµÄ¶Ë¿ÚºÍЭÒé  £¬ssl_certificateÖ¸Áî½ç˵ÁËSSLÖ¤ÊéµÄ·¾¶  £¬ssl_certificate_keyÖ¸Áî½ç˵ÁË˽ԿÎļþµÄ·¾¶ ¡£

Ö¤ÊéÁ´ºÍÖÐÐÄÖ¤Êé

ÔÚһЩÇéÐÎÏ  £¬SSLÖ¤Êé¿ÉÄÜÓɶà¸öÖ¤Êé×é³É  £¬ÆäÖÐÒ»¸öÊÇSSLÖ¤Êé×Ô¼º  £¬ÆäÓàµÄÊÇÖÐÐÄÖ¤Êé ¡£ÔÚNginxµÄÉèÖÃÎļþÖÐ  £¬¿ÉÒÔͨ¹ýÒÔÏ·½·¨ÉèÖÃÖÐÐÄÖ¤Ê飺

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
    ssl_trusted_certificate /path/to/intermediate.crt;
}

µÇ¼ºó¸´ÖÆ

ÉÏÊö´úÂëÖеÄssl_trusted_certificateÖ¸Áî½ç˵ÁËÖÐÐÄÖ¤ÊéµÄ·¾¶ ¡£µ±ä¯ÀÀÆ÷ÓëNginx½¨ÉèÅþÁ¬Ê±  £¬Nginx»á½«SSLÖ¤ÊéÁ´Ò»Í¬´«Êä¸øä¯ÀÀÆ÷  £¬ÒÔ¹©ÑéÖ¤ ¡£

Ç¿ÖÆʹÓÃHTTPS

ÔÚÐí¶àÇéÐÎÏ  £¬ÍøվϣÍûËùÓеÄHTTPÇëÇó¶¼×Ô¶¯Öض¨Ïòµ½HTTPS ¡  £¿ÉÒÔͨ¹ýÒÔÏ·½·¨ÉèÖÃNginxµÖ´ï´ËÄ¿µÄ£º

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

µÇ¼ºó¸´ÖÆ

ÉÏÊö´úÂëÖеÄreturnÖ¸ÁËùÓеÄHTTPÇëÇóÖض¨Ïòµ½HTTPS ¡£

Ö¤ÊéÖÎÀí

ÔÚÏÖʵӦÓÃÖÐ  £¬SSLÖ¤Êé¿ÉÄÜ»áÓâÆÚ»òÐèÒª¸üР £¬´ËʱÐèÒª¾ÙÐÐÏìÓ¦µÄÖ¤ÊéÖÎÀí ¡£ÒÔÏÂÊÇһЩ³£¼ûµÄÖ¤ÊéÖÎÀí²Ù×÷ºÍÏìÓ¦µÄʾÀý´úÂ룺

Éó²éSSLÖ¤ÊéÐÅÏ¢£º

$ openssl x509 -in certificate.crt -text -noout

µÇ¼ºó¸´ÖÆ

Éó²éÖ¤ÊéÇëÇóÐÅÏ¢£º

$ openssl req -in csr.csr -text -noout

µÇ¼ºó¸´ÖÆ

ÑéÖ¤SSLÖ¤ÊéºÍ˽ԿÊÇ·ñÆ¥Å䣺

$ openssl rsa -in private.key -check
$ openssl x509 -noout -modulus -in certificate.crt | openssl md5
$ openssl rsa -noout -modulus -in private.key | openssl md5

µÇ¼ºó¸´ÖÆ

ÑéÖ¤Ö¤ÊéÁ´µÄÓÐÓÃÐÔ£º

$ openssl verify -CAfile intermediate.crt certificate.crt

µÇ¼ºó¸´ÖÆ

ͨ¹ýÒÔÉÏÖ¤ÊéÖÎÀí²Ù×÷  £¬¿ÉÒÔ¶ÔSSLÖ¤Êé¾ÙÐÐÉó²é¡¢ÑéÖ¤ºÍ¸üеȲÙ×÷ ¡£

×ܽ᣺

±¾ÎÄÆÊÎöÁËNginxµÄHTTPSÉèÖúÍÖ¤ÊéÖÎÀíµÄʵÏÖϸ½Ú  £¬²¢¸ø³öÁËÏìÓ¦µÄ´úÂëʾÀý ¡£Í¨¹ýÉÏÊöÉèÖúÍÖ¤ÊéÖÎÀí²Ù×÷  £¬ÎÒÃÇ¿ÉÒÔÔÚNginxÉÏʵÏÖÇå¾²µÄHTTPSͨѶ  £¬²¢¶ÔSSLÖ¤Êé¾ÙÐÐÓÐÓõÄÖÎÀí ¡£

ÒÔÉϾÍÊÇÆÊÎöNginxµÄHTTPSÉèÖúÍÖ¤ÊéÖÎÀíʵÏÖϸ½ÚµÄÏêϸÄÚÈÝ  £¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí  £¬°æȨÕùÒéÓë±¾Õ¾ÎÞ¹Ø  £¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í尊龙凯时人生就是搏ÂËÓÍ»úÍø¹Ù·½Ì¬¶È  £¬Çë¶ÁÕß½ö×ö²Î¿¼ ¡£±¾ÎĽӴýתÔØ  £¬×ªÔØÇë˵Ã÷À´ÓÉ ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢  £¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢  £¬ÇëÄúÁ¬Ã¦ÁªÏµ尊龙凯时人生就是搏ʵʱÐÞÕý»òɾ³ý ¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ尊龙凯时人生就是搏

18523999891

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎå  £¬9:30-18:30  £¬½ÚãåÈÕÐÝÏ¢

QR code
sitemap¡¢ÍøÕ¾µØͼ