Generating an Internal-Network Certificate with OpenSSL
Installing OpenSSL
Download link
https://download.csdn.net/download/dongyan3595/87701060
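Read the installation license agreement, select "I accept the agreement", and click Next
Choose the installation location and click Next
Create the OpenSSL shortcut and click Next
Select "The Windows system directory" and click Next
The installer is now ready to install; click Install
Environment variable configuration
Find the path of the openssl.cnf file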
openssl version -d
Generate the root certificate private key
openssl genrsa -passout pass:123456 -des3 -out server.key 2048
Generate the certificate signing request (CSR) file
openssl req -passin pass:123456 -new -key server.key -out server.csr -subj "/C=CN/ST=ST/L=CITY/O=o/OU=ou/CN=192.168.0.115"
Generate the CA certificate
openssl x509 -req -passin pass:123456 -days 18250 -sha256 -signkey server.key -extensions v3_ca -extfile D:\openssl.cnf -in D:\server.csr -out D:\server.crt
Remove the key passphrase so that updates and logins do not require password verification
openssl rsa -in server.key -out server.key.unsecure
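The commands above place 192.168.0.115 only in the certificate's CN, while current browsers match an IP address against the subjectAltName extension. The script below is an added example, not part of the original post: it repeats the same three steps with an `IP:` SAN entry and checks the result with `-checkip`. The file name san.cnf, the section name v3_san, the two function names and the 365-day default are assumptions.

```sh
#!/bin/sh
# Added example: self-signed certificate for an internal IP address with the
# address in subjectAltName. san.cnf, [v3_san] and both function names are
# assumptions; the DN fields and 192.168.0.115 are the page's values.

make_san_cert() {    # usage: make_san_cert <ip> <out-dir> [days]
    ip=$1 dir=$2 days=${3:-365}
    mkdir -p "$dir" || return 1
    # One config file serves both steps: the DN for the CSR and the
    # extensions applied when the certificate is signed.
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
C = CN
ST = ST
L = CITY
O = o
OU = ou
CN = $ip
[v3_san]
basicConstraints = critical, CA:TRUE
subjectKeyIdentifier = hash
subjectAltName = IP:$ip
EOF
    # Unencrypted key (what nginx loads), readable by its owner only.
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 ) || return 1
    openssl req -new -key "$dir/server.key" -config "$dir/san.cnf" \
        -out "$dir/server.csr" || return 1
    openssl x509 -req -days "$days" -sha256 -signkey "$dir/server.key" \
        -extfile "$dir/san.cnf" -extensions v3_san \
        -in "$dir/server.csr" -out "$dir/server.crt"
}

# Succeeds only when the certificate has an iPAddress SAN equal to <ip>.
# -checkip does not fall back to the CN.
cert_matches_ip() {  # usage: cert_matches_ip <cert.pem> <ip>
    openssl x509 -in "$1" -noout -checkip "$2" |
        grep -q "does match certificate"
}

# Run as a script: ./make_cert.sh 192.168.0.115 ./certs
if [ "$#" -ge 2 ]; then
    make_san_cert "$1" "$2" && cert_matches_ip "$2/server.crt" "$1" &&
        echo "server.crt matches IP $1"
fi
```

The resulting server.crt and server.key can be referenced by `ssl_certificate` and `ssl_certificate_key` in the Nginx configuration.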
Configure Nginx
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    # Used for load balancing, so that multiple IPs can provide the same service; weight is the weighting
    # The higher the weight, the more likely the server is to be selected
    upstream monitor_server {
        # Local port to proxy
        server 127.0.0.1:8083 weight=4;
    }
    server {
        listen 443 ssl;
        server_name 192.168.0.115; # domain name
        ssl_certificate D:/server.crt; # certificate path
        ssl_certificate_key D:/server.key.unsecure; # private key path
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # configure these protocols (TLSv1 and TLSv1.1 are deprecated by RFC 8996)
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # configure these cipher suites
        ssl_prefer_server_ciphers on;
        # 497: a plain HTTP request was sent to the HTTPS port
        error_page 497 https://$host$uri$is_args$args;
        location /project {
            proxy_pass http://monitor_server/project;
            proxy_set_header Host $host;
            proxy_connect_timeout 4s;
            proxy_read_timeout 7200s;
            proxy_send_timeout 12s;
            proxy_http_version 1.1;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            client_max_body_size 100m;
            root html;
            index index.jsp index.html;
        }
        location / {
            proxy_pass http://monitor_server/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_redirect http:// $scheme://; # redirect to https
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme; # passed through to the backend Tomcat when reverse proxying so it knows the protocol the user accessed; Tomcat also needs configuration to receive this parameter
            client_max_body_size 100m;
            root html;
            index index.jsp index.html;
        }
        location /websocketOnline {
            proxy_pass http://127.0.0.1:8889;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host:$server_port;
        }
        location /websocketChat {
            proxy_pass http://127.0.0.1:8090;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
    server {
        listen 80;
        server_name 192.168.0.115; # domain name
        location / {
            # Force a redirect to https here
            rewrite ^(.*)$ https://$host$1 last;
        }
    }
}
Access from a browser
https://192.168.0.115/project