单台实现https
使用openssl命令充当CA权威机构创建证书(生产不使用此方式生成证书,不被互联网认可的黑户证书)
# 检查有没有ssl模块
[root@web03 ~]# nginx -V
--with-http_ssl_module
# 创建证书和私钥存放地址
[root@web03 ~]# mkdir /etc/nginx/ssl
[root@web03 ~]# cd /etc/nginx/ssl
[root@web03 ssl]# data +%Y%m%d%H%M%S
-bash: data: command not found
[root@web03 ssl]# date +%Y%m%d%H%M%S
20200604112251
[root@web03 ssl]# openssl genrsa -idea -out $(date +%Y%m%d%H%M%S).key 2048
Generating RSA private key, 2048 bit long modulus
.........................................+++
...+++
e is 65537 (0x10001)
Enter pass phrase for 20200604112307.key:
Verifying - Enter pass phrase for 20200604112307.key:
[root@web03 ssl]# ll
total 4
-rw-r--r-- 1 root root 1739 Jun 4 11:23 20200604112307.key
# 生成证书
[root@web03 ssl]# openssl req -days 36500 -x509
> -sha256 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/20200604112307.key -out /etc/nginx/ssl/20200604112307.crt
Generating a 2048 bit RSA private key
..........................+++
...........................................+++
writing new private key to '/etc/nginx/ssl/20200604112307.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:henan
Locality Name (eg, city) [Default City]:puyang
Organization Name (eg, company) [Default Company Ltd]:zaijia
Organizational Unit Name (eg, section) []:wan
Common Name (eg, your name or your server's hostname) []:wzh.com (这里要填写真实的域名)
Email Address []:123@qq.com
[root@web03 ssl]# ll
total 8
-rw-r--r-- 1 root root 1375 Jun 4 11:30 20200604112307.crt
-rw-r--r-- 1 root root 1704 Jun 4 11:30 20200604112307.key
# 命令参数
# req --> 用于创建新的证书
# new --> 表示创建的是新证书
# x509 --> 表示定义证书的格式为标准格式
# key --> 表示调用的私钥文件信息
# out --> 表示输出证书文件信息
# days --> 表示证书的有效期
# 编辑nginx配置文件
[root@web03 nginx]# cat conf.d/blog.wzh.com.conf
server {
listen 80;
server_name hhh.wzh.com;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name hhh.wzh.com;
ssl_certificate /etc/nginx/ssl/20200604112307.crt;
ssl_certificate_key /etc/nginx/ssl/20200604112307.key;
location / {
root /opt/wzh;
index index.html;
}
}
# 检测语法
nginx -t
# 重新加载
systemctl reload nginx
# 创建站点目录
[root@web03 nginx]# mkdir /opt/wzh
# 编辑nginx页面
[root@web03 nginx]# cat /opt/wzh/index.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>my website</title>
</head>
<body>
<article>
<header>
<h1>被钓鱼网站</h1>
<p>创建时间:<time pubdate="pubdate">2020/6/4</time></p>
</header>
<p>
<b>标题:</b>啥也不是
</p>
<footer>
<p><small>改着玩呗</small></p>
</footer>
</article>
</body>
</html>
# 域名解析
# 浏览器访问
