keytool -genkey -v -alias nginx -keyalg RSA -keystore nginx.keystore -validity 36500
alias alias is nginx
keystore file For nginx.keystore
validity is valid for 36500 days
Follow the above figure to help us generate the nginx.keystore file
JKS2PFX.bat nginx.keystore 123456 nginx exportfile .
This JKS2PFX.bat is a tool, the download address is
nginx.keystore, which is the file we just generated
123456 is the password we just generated the nginx.keystore file and set
nginx is the alias we just set
exportfile is the file name we want to generate
., the directory where the ssl certificate is generated, indicating the current folder
运行方式: JKS2PFX.bat <KeyStore文件> <KeyStore密码> <Alias别名> <导出文件名> [目录]
The conversion will generate:
We will copy the exportfile.crt and exportfile.key files to the ssl directory of nginx's conf
server { listen 443 ssl; server_name localhost; ssl_certificate ssl/exportfile.crt; ssl_certificate_key ssl/exportfile.key; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_set_header Host $host; proxy_pass http://localhost/; } }
After configuration, use nginx -s reload to restart.
This configuration supports http and https at the same time
means that
ssl
has been configured
nginx needs to support ssl. If it does not support it, you need to add a security module.
with-http_ssl_module: ssl module, if not, you can install it yourself
The above is the detailed content of How to configure SSL access locally on Nginx. For more information, please follow other related articles on the PHP Chinese website!