颁发不受浏览器信任的SSL证书
颁发不受浏览器信任的SSL证书
# 生成一个RSA密钥
$ openssl genrsa -des3 -out crabdave.key 1024
# 生成一个证书请求
$ openssl req -new -key crabdave.key -out crabdave.csr
# 拷贝一个不需要输入密码的密钥文件
$ openssl rsa -in crabdave.key -out crabdave_nopass.key
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:Beijing
Locality Name (eg, city) [Newbury]:Beijing
Organization Name (eg, company) [My Company Ltd]:crabdave.org
Organizational Unit Name (eg, section) []:development
Common Name (eg, your name or your server's hostname) []:*.crabdave.org
Email Address []:[email protected]
A challenge password []:直接回车
An optional company name []:直接回车
# 自己签发证书
$ openssl x509 -req -days 365 -in crabdave.csr -signkey crabdave.key -out crabdave.crt
编辑配置文件nginx.conf
listen 443;
server_name nexus.crabdave.org;
# allow large uploads of files - refer to nginx documentation
#client_max_body_size 1G
# optimize downloading files larger than 1G - refer to nginx doc before adjusting
#proxy_max_temp_file_size 2G
ssl on;
ssl_certificate /usr/local/nginx/conf/crabdave.crt;
ssl_certificate_key /usr/local/nginx/conf/crabdave_nopass.key;
location / {
proxy_pass http://127.0.0.1:8081/nexus/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
}