nginx 配置自签名ssl证书,启用https 创建一个ssl.conf文件,内容如下: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 [req] default_bits = 2048 default_keyfile = ssl.key distinguished_name = req_distinguished_name req_extensions = req_ext x509_extensions = v3_ca [req_distinguished_name] countryName = Country Name (2 letter code) countryName_default = CN stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = Hunan localityName = Locality Name (eg, city) localityName_default = Changsha organizationName = Organization Name (eg, company) organizationName_default = laravel.test organizationalUnitName = organizationalunit organizationalUnitName_default = Development commonName = Common Name (e.g. server FQDN or YOUR name) commonName_default = laravel.test commonName_max = 64 [req_ext] subjectAltName = @alt_names [v3_ca] subjectAltName = @alt_names [alt_names] DNS.1 = laravel.test DNS.2 = api.laravel.test DNS.3 = www.laravel.test DNS.4 = m.laravel.test
执行脚本生成证书:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ssl.key -out ssl.crt -config ssl.conf
修改nginx配置文件 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 server { listen 443 ssl; ssl_certificate /home/pwfu/Documents/doc/ssl/ssl.crt; ssl_certificate_key /home/pwfu/Documents/doc/ssl/ssl.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; root /home/pwfu/Documents/project/public/; index index.html index.htm index.php; server_name laravel.test api.laravel.test m.laravel.test www.laravel.test; #server_name localhost; location / { try_files $uri $uri/ /index.php?$query_string; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; } location ~ /\.ht { deny all; } error_page 404 /index.php; location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } }
信任证书 Windows
访问 https://laravel.test,导出自签名证书,并保存为 test.cer,注意保存为 .cer 格式。
通过 Chrome 功能菜单导入,首先打开【设置】-【管理证书】菜单,然后如下图导入,注意选择将证书保存到受信任的根证书颁发机构。
重启 Chrome 后,然后访问 https://laravel.test,就没有安全警告了 .
Linux
sudo apt-get install libnss3-tools certutil -d sql:$HOME/.pki/nssdb -A -t “P,,” -n “laravel.test” -i ssl.crt