Nginx 和 node https配置

1.生成證書

自制CA私鑰

openssl genrsa -des3 -out ca.key 4096

自制CA證書

openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

自制Server私鑰，生成免密碼版本

openssl genrsa -des3 -out server.key 4096 openssl rsa -in server.key -out server.nosecret.key

制作csr文件

openssl req -new -key server.key -out server.csr

用CA證書私鑰對csr簽名（CA不能用X509，這點需要注意）生成Server證書

openssl ca -days 3650 -in server.csr -cert ca.crt -keyfile ca.key -out server.crt

2.創(chuàng)建node服務端

安裝node環(huán)境，新建demo文件夾。打開終端輸入命令：

npm init

npm install express

新建serve.js編寫以下代碼：

var app = require('express')();
var fs = require('fs');
var http = require('http');
var https = require('https');
var privateKey  = fs.readFileSync('private.pem', 'utf8');
var certificate = fs.readFileSync('file.crt', 'utf8');
var credentials = {key: privateKey, cert: certificate};

var httpServer = http.createServer(app);
var httpsServer = https.createServer(credentials, app);
var PORT = 18080;
var SSLPORT = 18081;

httpServer.listen(PORT, function() {
    console.log('HTTP Server is running on: http://localhost:%s', PORT);
});
httpsServer.listen(SSLPORT, function() {
    console.log('HTTPS Server is running on: https://localhost:%s', SSLPORT);
});

// Welcome
app.get('/', function(req, res) {
    if(req.protocol === 'https') {

終端運行開啟服務：

node serve.js

3.添加ngnix服務

安裝nginx，修改Nginx.cfg文件。

server {
    listen 443;
    server_name localhost;
    ssl on;
    ssl_certificate ssl/server.crt;
    ssl_certificate_key ssl/server.nosecret.key;
    location /t {
        echo "Hello World";
    }
}

4.配置服務轉(zhuǎn)發(fā)

配置轉(zhuǎn)發(fā)實現(xiàn)http和https共同訪問

server {  
    listen  80;  
    server_name blog.90its.cn;   
    rewrite ^(.*)$  https://$host$1 permanent;  
}
server {
    listen  443 ssl;
    server_name  www.wishpeng.top;
    ssl         on; 
    ssl_certificate     /home/admin/https/file.crt; 
    ssl_certificate_key /home/admin/https/private.pem; 
    location / {
        proxy_pass http://localhost:18080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /public {
        root /phpstudy/wishpeng;
    }
}

小禮物走一走，來簡書關注我

作者：WishPeng
鏈接：http://m.itdecent.cn/p/7c865905b9f4
來源：簡書
簡書著作權歸作者所有，任何形式的轉(zhuǎn)載都請聯(lián)系作者獲得授權并注明出處。