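Configuring HTTPS for nginx with a self-signed certificate

Configure a self-signed SSL certificate for nginx and enable HTTPS.

Create an ssl.conf file with the following content: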

[req]
default_bits = 2048
default_keyfile = ssl.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca

[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = CN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Hunan
localityName = Locality Name (eg, city)
localityName_default = Changsha
organizationName = Organization Name (eg, company)
organizationName_default = laravel.test
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = laravel.test
commonName_max = 64

[req_ext]
subjectAltName = @alt_names

[v3_ca]
subjectAltName = @alt_names

[alt_names]
DNS.1 = laravel.test
DNS.2 = api.laravel.test
DNS.3 = www.laravel.test
DNS.4 = m.laravel.test

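Run the following command to generate the certificate. The -nodes option writes the private key unencrypted, so restrict read access to ssl.key: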

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ssl.key -out ssl.crt -config ssl.conf

Modify the nginx configuration file:

server {
    listen 443 ssl;

    ssl_certificate /home/pwfu/Documents/doc/ssl/ssl.crt;
    ssl_certificate_key /home/pwfu/Documents/doc/ssl/ssl.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    root /home/pwfu/Documents/project/public/;
    index index.html index.htm index.php;
    server_name laravel.test api.laravel.test m.laravel.test www.laravel.test;
    #server_name localhost;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }
    location ~ /\.ht {
        deny all;
    }
    error_page 404 /index.php;
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
}
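
Modern browsers validate the requested hostname against the certificate's subjectAltName entries, so every host in server_name needs a matching DNS.n line in ssl.conf before the certificate is generated. The script below is an added example, not part of the original post, that cross-checks the two files. It assumes single-line server_name directives with literal hostnames; the function names and the extra host admin.laravel.test are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: report nginx server_name hosts missing from [alt_names] in ssl.conf.

# DNS names in the [alt_names] section of an OpenSSL config, lowercased, one per line.
alt_names() {
  awk '/^[ \t]*\[/ { on = ($0 ~ /^[ \t]*\[[ \t]*alt_names[ \t]*\]/); next }
       on && /^[ \t]*DNS\.[0-9]+[ \t]*=/ {
         sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*(#.*)?$/, ""); print tolower($0) }' "$1"
}

# Hosts named by single-line server_name directives; "#" comments are dropped first.
server_names() {
  awk '{ sub(/#.*/, "") }
       $1 == "server_name" {
         for (i = 2; i <= NF; i++) { n = $i; sub(/;$/, "", n); if (n != "") print tolower(n) } }' "$1"
}

# Succeed if host $1 equals a SAN read from stdin, or a wildcard SAN "*.x" covers it
# (the "*" stands for exactly one left-most label, so it never covers "x" itself).
covered() {
  while IFS= read -r san; do
    [ "$1" = "$san" ] && return 0
    case $san in
      '*.'*) [ "$1" != "${1#*.}" ] && [ "${1#*.}" = "${san#??}" ] && return 0 ;;
    esac
  done
  return 1
}

# missing_sans SSL_CONF NGINX_CONF: print each server_name host no SAN covers.
missing_sans() {
  sans=$(alt_names "$1")
  server_names "$2" | while IFS= read -r host; do
    printf '%s\n' "$sans" | covered "$host" || printf '%s\n' "$host"
  done
}

# Constructed sample input: the page's SAN list, and its server_name line with a
# hypothetical extra host (admin.laravel.test) that was never added to ssl.conf.
demo() {
  d=$(mktemp -d)
  printf '%s\n' '[req]' 'x509_extensions = v3_ca' '[alt_names]' 'DNS.1 = laravel.test' \
    'DNS.2 = api.laravel.test' 'DNS.3 = www.laravel.test' 'DNS.4 = m.laravel.test' > "$d/ssl.conf"
  printf '%s\n' 'server {' '  #server_name localhost;' \
    '  server_name laravel.test api.laravel.test m.laravel.test admin.laravel.test;' '}' > "$d/nginx.conf"
  missing_sans "$d/ssl.conf" "$d/nginx.conf"
  rm -rf "$d"
}
demo   # prints: admin.laravel.test
```

Empty output from missing_sans means every server_name host is covered; any name it prints must be added to [alt_names] and the certificate regenerated.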

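Trusting the certificate

Windows

  1. Visit https://laravel.test, export the self-signed certificate, and save it as test.cer. Be sure to save it in .cer format.
  2. Import it through the Chrome menu: open [Settings] - [Manage certificates], then import the certificate, making sure to store it under Trusted Root Certification Authorities.
  3. Restart Chrome and visit https://laravel.test again; the security warning is gone.

Linux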

sudo apt-get install libnss3-tools
certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "laravel.test" -i ssl.crt

Author: pengweifu
Link: https://www.pengwf.com/2019/12/14/web/PHP-NGINX-SSL/
License: Unless otherwise stated, all posts on this blog are licensed under CC BY-NC-SA 4.0. Please credit 麦子的博客 when reposting.