nginx自签证书生成及配置

生成证书

生成key

$ openssl genrsa -out www.zk.com.key 2048

生成csr

$ openssl req -new -key www.zk.com.key -out www.zk.com.csr

生成如下文件

www.zk.com.csr  www.zk.com.key

生成crt

$ openssl x509 -req -days 365 -in www.zk.com.csr -signkey www.zk.com.key -out www.zk.com.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd
Getting Private key

生成文件如下

www.zk.com.crt  www.zk.com.csr  www.zk.com.key

生成 pem

$ cat www.zk.com.crt www.zk.com.key > www.zk.com.pem
ls
www.zk.com.crt  www.zk.com.csr  www.zk.com.key  www.zk.com.pem

配置 nginx

upstream api {server localhost:3443;
}server{listen 443 ssl;ssl_certificate /etc/nginx/ssl/www.zk.com.pem;ssl_certificate_key /etc/nginx/ssl/www.zk.com.key;#server_name www.zk.com;location / {proxy_pass  http://api;}       
}
server{listen 443 ssl;ssl_certificate /etc/nginx/ssl/www.ty.com.pem;ssl_certificate_key /etc/nginx/ssl/www.ty.com.key;#server_name www.ty.com;location / {proxy_pass  http://api;}       
}