openssl genrsa -des3 -out privkey.key 1024
產生 CSR
openssl req -new -key privkey.key -out ca.csr <
Taiwan
Taipei
INIC
G
MIS
EOF
openssl rsa -in privkey.key -out privkey_nopass.key
建立自我簽署的CA
openssl x509 -req -days 365 -in ca.csr -signkey privkey_nopass.key -out ca.crt
編輯 /etc/nginx/conf.d/ssl.conf
server
{
listen 443 ssl;
# server_name aaa.com.;
### SSL log files ###
# access_log /var/logs/ssl-access.log;
# error_log /var/logs/ssl-error.log;
### SSL cert files ###
ssl_certificate ssl/ca.crt;
ssl_certificate_key ssl/privkey_nopass.key;
### Add SSL specific settings here ###
keepalive_timeout 60;
location /b {
proxy_pass http://192.168.10.101/b;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_max_temp_file_size 0;
}
}
沒有留言:
張貼留言