-
mkdir sslZhengShu -
openssl req -newkey rsa:2048 -nodes -keyout ca.key -out ca.csr
-
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt -
openssl genrsa -out server.key 2048 -
openssl req -new -key server.key -out server.csr和之前输入一样即可 -
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 -
openssl genrsa -out client.key 2048 -
openssl req -new -key client.key -out client.csr和之前输入一样即可 -
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 365
10. 配置nginx
server {listen 80 ;server_name localhost;location /datamanage/prod-api/ {proxy_pass http://XXX.XXX.XXX.XX:8080/;}location /datamanage {alias datamanage;index index.html index.htm;# 当路由为history模式时,需要的配置try_files $uri $uri/ /datamanage/index.html;}location /bigdatamanage {alias bigdatamanage;index index.html index.htm;# 当路由为history模式时,需要的配置try_files $uri $uri/ /bigdatamanage/index.html;}
}server {listen 443 ssl;server_name localhost;ssl_certificate /usr/local/zhengshu/server.crt;ssl_certificate_key /usr/local/zhengshu/server.key;ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on;location / {#root html;#index index.html index.htm;proxy_pass http://localhost:80;}}
