[root@web01 /etc/nginx/ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt Generating a 2048 bit RSA private key ....................+++ ..........+++ writing new private key to 'server.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:SZ Locality Name (eg, city) [Default City]:SZ Organization Name (eg, company) [Default Company Ltd]:oldboy Organizational Unit Name (eg, section) []:oldboy Common Name (eg, your name or your server's hostname) []:SA Email Address []:wufei008@qq.com # req -->用于创建新的证书 # new -->表示创建的是新证书 # x509 -->表示定义证书的格式为标准格式 # key -->表示调用的私钥文件信息 # out -->表示输出证书文件信息 # days -->表示证书的有效期
4.证书申请完成后需要了解Nginx 如何配置Https
1 2 3 4 5 6 7 8 9 10 11 12 13 14
#是否开始ssl 支持 Syntax: ssl on | off; Default: ssl off; Context: http, server
[root@lb01 ~]# mkdir /etc/nginx/ssl/ssh_key -p [root@lb01 ~]# mkdir /etc/nginx/ssl_key -p [root@lb01 ~]# cd /etc/nginx/ssl_key/ [root@lb01 /etc/nginx/ssl_key]# openssl genrsa -idea -out server.key 2048 [root@lb01 /etc/nginx/ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt Generating a 2048 bit RSA private key ....................+++ ..........+++ writing new private key to 'server.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:SZ Locality Name (eg, city) [Default City]:SZ Organization Name (eg, company) [Default Company Ltd]:oldboy Organizational Unit Name (eg, section) []:oldboy Common Name (eg, your name or your server's hostname) []:SA Email Address []:wufei008@qq.com
[root@lb01-5 /etc/nginx/conf.d]# cat 01-www.conf # 定义后端资源池 upstream server_pools { server 172.16.1.7:80; server 172.16.1.8:80; server 172.16.1.9:80; } upstream zh_pools { server 172.16.1.7:80; server 172.16.1.8:80; server 172.16.1.9:80; }
[root@lb01-5 /etc/nginx/conf.d]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@lb01-5 /etc/nginx/conf.d]# systemctl reload nginx