×ðÁú¿­Ê±¹ÙÍøµÇ¼

ÆÊÎöNginxµÄHTTPSÉèÖúÍÖ¤ÊéÖÎÀíʵÏÖϸ½Ú

nginxµÄhttpsÉèÖúÍÖ¤ÊéÖÎÀíʵÏÖϸ½ÚÆÊÎö

ÔÚÍøÂçÐÅÏ¢Çå¾²ÁìÓò£¬HTTPSЭÒéÊǺÜÊÇÖ÷ÒªµÄÒ»ÖÖÇ徲ͨѶÊÖÒÕ£¬ËüΪ»¥ÁªÍøÉϵÄÊý¾Ý´«ÊäÌṩÁËÒ»ÖÖ¼ÓÃÜ¡¢Éí·ÝÈÏÖ¤ºÍÍêÕûÐÔ±£»¤µÄ»úÖÆ¡£NginxÊÇÒ»¸ö¸ßÐÔÄܵÄWebЧÀÍÆ÷ºÍ·´ÏòÊðÀíЧÀÍÆ÷£¬Ëü²»µ«Ö§³ÖHTTPЭÒ飬»¹Ö§³ÖHTTPSЭÒé¡£ÔÚ±¾ÎÄÖУ¬ÎÒÃǽ«ÆÊÎöNginxµÄHTTPSÉèÖúÍÖ¤ÊéÖÎÀíµÄʵÏÖϸ½Ú£¬²¢¸ø³öÏìÓ¦µÄ´úÂëʾÀý¡£

ÌìÉúHTTPSÖ¤Êé

ҪʹÓÃHTTPSЭÒ飬Ê×ÏÈÐèÒªÌìÉúÒ»¶Ô¹«Ë½Ô¿ºÍÒ»¸öSSLÖ¤Êé¡£¿ÉÒÔʹÓÃopenssl¹¤¾ßÌìÉúÕâЩÎļþ¡£ÒÔÏÂÊÇÒ»¸öʾÀý£º

$ openssl genrsa -out private.key 2048
$ openssl req -new -key private.key -out csr.csr
$ openssl x509 -req -days 365 -in csr.csr -signkey private.key -out certificate.crt

µÇ¼ºó¸´ÖÆ

ÔÚÉÏÊö´úÂëÖУ¬private.keyÊÇÌìÉúµÄ˽ԿÎļþ£¬csr.csrÊÇÖ¤ÊéÇëÇóÎļþ£¬certificate.crtÊÇ×îÖÕÌìÉúµÄSSLÖ¤Êé¡£

NginxÉèÖÃHTTPS

ÔÚNginxµÄÉèÖÃÎļþÖУ¬¿ÉÒÔͨ¹ýÌí¼ÓÒÔϼ¸ÐÐÉèÖÃÀ´ÆôÓÃHTTPS£º

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
}

µÇ¼ºó¸´ÖÆ

ÉÏÊö´úÂëÖеÄlistenÖ¸Áî½ç˵Á˼àÌýµÄ¶Ë¿ÚºÍЭÒ飬ssl_certificateÖ¸Áî½ç˵ÁËSSLÖ¤ÊéµÄ·¾¶£¬ssl_certificate_keyÖ¸Áî½ç˵ÁË˽ԿÎļþµÄ·¾¶¡£

Ö¤ÊéÁ´ºÍÖÐÑëÖ¤Êé

ÔÚһЩÇéÐÎÏ£¬SSLÖ¤Êé¿ÉÄÜÓɶà¸öÖ¤Êé×é³É£¬ÆäÖÐÒ»¸öÊÇSSLÖ¤Êé×Ô¼º£¬ÆäÓàµÄÊÇÖÐÑëÖ¤Êé¡£ÔÚNginxµÄÉèÖÃÎļþÖУ¬¿ÉÒÔͨ¹ýÒÔÏ·½·¨ÉèÖÃÖÐÑëÖ¤Ê飺

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
    ssl_trusted_certificate /path/to/intermediate.crt;
}

µÇ¼ºó¸´ÖÆ

ÉÏÊö´úÂëÖеÄssl_trusted_certificateÖ¸Áî½ç˵ÁËÖÐÑëÖ¤ÊéµÄ·¾¶¡£µ±ä¯ÀÀÆ÷ÓëNginx½¨ÉèÅþÁ¬Ê±£¬Nginx»á½«SSLÖ¤ÊéÁ´Ò»Í¬´«Êä¸øä¯ÀÀÆ÷£¬ÒÔ¹©ÑéÖ¤¡£

Ç¿ÖÆʹÓÃHTTPS

ÔÚÐí¶àÇéÐÎÏ£¬ÍøվϣÍûËùÓеÄHTTPÇëÇó¶¼×Ô¶¯Öض¨Ïòµ½HTTPS¡£¿ÉÒÔͨ¹ýÒÔÏ·½·¨ÉèÖÃNginxµÖ´ï´ËÄ¿µÄ£º

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

µÇ¼ºó¸´ÖÆ

ÉÏÊö´úÂëÖеÄreturnÖ¸ÁËùÓеÄHTTPÇëÇóÖض¨Ïòµ½HTTPS¡£

Ö¤ÊéÖÎÀí

ÔÚÏÖʵӦÓÃÖУ¬SSLÖ¤Êé¿ÉÄÜ»áÓâÆÚ»òÐèÒª¸üУ¬´ËʱÐèÒª¾ÙÐÐÏìÓ¦µÄÖ¤ÊéÖÎÀí¡£ÒÔÏÂÊÇһЩ³£¼ûµÄÖ¤ÊéÖÎÀí²Ù×÷ºÍÏìÓ¦µÄʾÀý´úÂ룺

Éó²éSSLÖ¤ÊéÐÅÏ¢£º

$ openssl x509 -in certificate.crt -text -noout

µÇ¼ºó¸´ÖÆ

Éó²éÖ¤ÊéÇëÇóÐÅÏ¢£º

$ openssl req -in csr.csr -text -noout

µÇ¼ºó¸´ÖÆ

ÑéÖ¤SSLÖ¤ÊéºÍ˽ԿÊÇ·ñÆ¥Å䣺

$ openssl rsa -in private.key -check
$ openssl x509 -noout -modulus -in certificate.crt | openssl md5
$ openssl rsa -noout -modulus -in private.key | openssl md5

µÇ¼ºó¸´ÖÆ

ÑéÖ¤Ö¤ÊéÁ´µÄÓÐÓÃÐÔ£º

$ openssl verify -CAfile intermediate.crt certificate.crt

µÇ¼ºó¸´ÖÆ

ͨ¹ýÒÔÉÏÖ¤ÊéÖÎÀí²Ù×÷£¬¿ÉÒÔ¶ÔSSLÖ¤Êé¾ÙÐÐÉó²é¡¢ÑéÖ¤ºÍ¸üеȲÙ×÷¡£

×ܽ᣺

±¾ÎÄÆÊÎöÁËNginxµÄHTTPSÉèÖúÍÖ¤ÊéÖÎÀíµÄʵÏÖϸ½Ú£¬²¢¸ø³öÁËÏìÓ¦µÄ´úÂëʾÀý¡£Í¨¹ýÉÏÊöÉèÖúÍÖ¤ÊéÖÎÀí²Ù×÷£¬ÎÒÃÇ¿ÉÒÔÔÚNginxÉÏʵÏÖÇå¾²µÄHTTPSͨѶ£¬²¢¶ÔSSLÖ¤Êé¾ÙÐÐÓÐÓõÄÖÎÀí¡£

ÒÔÉϾÍÊÇÆÊÎöNginxµÄHTTPSÉèÖúÍÖ¤ÊéÖÎÀíʵÏÖϸ½ÚµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí£¬°æȨÕùÒéÓë±¾Õ¾Î޹أ¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í×ðÁú¿­Ê±¹ÙÍøµÇ¼ÂËÓÍ»úÍø¹Ù·½Ì¬¶È£¬Çë¶ÁÕß½ö×ö²Î¿¼¡£±¾ÎĽӴýתÔØ£¬×ªÔØÇë˵Ã÷À´ÓÉ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢£¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢£¬ÇëÄúÁ¬Ã¦ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼ʵʱÐÞÕý»òɾ³ý¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ×ðÁú¿­Ê±¹ÙÍøµÇ¼

18523999891

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎ壬9:30-18:30£¬½ÚãåÈÕÐÝÏ¢

QR code
ÍøÕ¾µØͼ