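In a test environment, use a self-generated (self-signed) certificate and private key.
I. Generate the certificates and private keys
1. Change into the certs directory; running make in this directory generates a certificate directly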
cd /etc/ssl/certs
2. Edit the Makefile and remove the option that automatically encrypts the generated private key
vim Makefile
%.key:
	umask 77 ; \
	/usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@
Change it to:
%.key:
	umask 77 ; \
	/usr/bin/openssl genrsa $(KEYLEN) > $@
3. Generate the certificate and private key for www.test.com
[18:55:06 root@localhost certs]#make test.com.crt
umask 77 ; \
/usr/bin/openssl genrsa 2048 > test.com.key
Generating RSA private key, 2048 bit long modulus
.............................+++
...........................................................................................................................................................................+++
e is 65537 (0x10001)
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key test.com.key -x509 -days 365 -out test.com.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shanghai
Locality Name (eg, city) [Default City]:shanghai
Organization Name (eg, company) [Default Company Ltd]:sh
Organizational Unit Name (eg, section) []:sh
Common Name (eg, your name or your server's hostname) []:www.test.com
Email Address []:
4. Generate the certificate and private key files for www.test.org
[18:58:06 root@localhost certs]#make test.org.crt
umask 77 ; \
/usr/bin/openssl genrsa 2048 > test.org.key
Generating RSA private key, 2048 bit long modulus
....................................................................+++
...........................+++
e is 65537 (0x10001)
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key test.org.key -x509 -days 365 -out test.org.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:sh
Locality Name (eg, city) [Default City]:sh
Organization Name (eg, company) [Default Company Ltd]:www.test.org
Organizational Unit Name (eg, section) []:sh
Common Name (eg, your name or your server's hostname) []:www.test.org
Email Address []:
Only the fields marked in red are important; the others can be filled in with anything.
5. In the directory that holds the nginx configuration files, create a folder for the certificates and private keys
mkdir /etc/nginx/ssl/
6. Move the private key files and certificates just generated into the ssl folder
mv test.* /etc/nginx/ssl/
7. Set the permissions of the certificate and private key files to 600
chmod 600 /etc/nginx/ssl/*
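Steps 3 to 7 done non-interactively, followed by the checks worth running before nginx is pointed at the files. This is an added example, not part of the original post. The function names and the scratch directory are assumptions, the subject fields mirror the answers typed above, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the scratch
# directory are illustrative; subject fields mirror the answers typed above.
set -eu

# gen_cert DIR HOST BASE: non-interactive stand-in for `make BASE.crt`.
# Writes DIR/BASE.key (unencrypted, mode 600 via umask) and DIR/BASE.crt, and
# adds a subjectAltName, which browsers match instead of the Common Name.
gen_cert() {
    ( umask 77
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -subj "/C=CN/ST=shanghai/L=shanghai/O=sh/OU=sh/CN=$2" \
          -addext "subjectAltName=DNS:$2" \
          -keyout "$1/$3.key" -out "$1/$3.crt" 2>/dev/null )
}

# pair_matches CRT KEY: true when the certificate carries KEY's public key.
pair_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# covers_host CRT HOST: true when the certificate is valid for HOST.
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# key_is_private KEY: true when the key file mode is exactly 600.
key_is_private() {
    [ -n "$(find "$1" -prune -perm 600)" ]
}

# check_vhost CRT KEY HOST: what one nginx server block needs to be consistent.
check_vhost() {
    key_is_private "$2" && pair_matches "$1" "$2" && covers_host "$1" "$3"
}

# Demo in a scratch directory (constructed data, not the files from the post).
demo=$(mktemp -d)
gen_cert "$demo" www.test.com test.com
gen_cert "$demo" www.test.org test.org
check_vhost "$demo/test.com.crt" "$demo/test.com.key" www.test.com && echo "test.com: ok"
# A swapped key is the typical copy-paste mistake with several server blocks.
check_vhost "$demo/test.org.crt" "$demo/test.com.key" www.test.org || echo "test.org: mismatch detected"
rm -rf "$demo"
```

Run check_vhost against each ssl_certificate, ssl_certificate_key and server_name triple before reloading nginx.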
II. Modify the nginx configuration
1. Create the folders that will hold the home pages
mkdir /data/test{com,org} -pv
2. Generate the test pages
echo /data/testcom/index.html > /data/testcom/index.html
echo /data/testorg/index.html > /data/testorg/index.html
3. Use virtual hosts: edit the virtual host configuration file
vim /etc/nginx/conf.d/test.conf
(The file name does not matter as long as the extension is .conf; create the file if it does not exist.)
server {
    listen 443 ssl;
    listen 80;
    server_name www.test.com;
    # location of the site's root directory
    root /data/testcom/;
    # paths to the certificate and the private key
    ssl_certificate /etc/nginx/ssl/test.com.crt;
    ssl_certificate_key /etc/nginx/ssl/test.com.key;
    ssl_session_cache shared:sslcache:20m;
    # SSL session timeout: 10 minutes
    ssl_session_timeout 10m;
    # write a separate log file in the main format, which is defined in the main nginx configuration file
    access_log /var/log/nginx/test.com.log main;
    # redirect any path requested over http to https
    if ( $scheme = http ) {
        rewrite ^/(.*)$ https://www.test.com/$1 redirect;
    }
}
# the second virtual host
server {
    listen 443 ssl;
    listen 80;
    server_name www.test.org;
    # location of the site's root directory
    root /data/testorg/;
    # paths to the certificate and the private key
    ssl_certificate /etc/nginx/ssl/test.org.crt;
    ssl_certificate_key /etc/nginx/ssl/test.org.key;
    ssl_session_cache shared:sslcache:20m;
    # SSL session timeout: 10 minutes
    ssl_session_timeout 10m;
    # write a separate log file in the main format, which is defined in the main nginx configuration file
    access_log /var/log/nginx/test.org.log main;
    # redirect any path requested over http to https
    if ( $scheme = http ) {
        rewrite ^/(.*)$ https://www.test.org/$1 redirect;
    }
}
4. Check the configuration for syntax errors
[19:32:47 root@localhost data]#nginx -t
5. Output like the following means the configuration is fine
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
6. Start the service
nginx
III. Test access
1. Edit the hosts file on the machine used for testing
Windows:
C:\Windows\System32\drivers\etc\hosts
Linux:
vim /etc/hosts
In both cases, add the IP address and the corresponding host names as the last line
192.168.1.4 www.test.com www.test.org
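Since these domain names cannot currently be resolved, in a test environment you can simply edit the hosts file.
2. Test access to www.test.com with curl or a browser
[19:39:19 root@localhost certs]#curl www.test.com -Lk
/data/testcom/index.html
-L follows redirects (by default curl only shows the 301 page and does not follow it further); -k skips certificate verification, which is needed here because the certificates are self-signed.
3. Access www.test.org with curl or a browser
curl www.test.org -Lk
/data/testorg/index.html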
Source: https://www.cnblogs.com/alexlv/p/14850921.html