证书配置 https

在这里插入图片描述
在这里插入图片描述

本文档以CentOS 7、Nginx 1.15.6为例
https://help.aliyun.com/document_detail/98728.html?spm=5176.2020520163.0.0.132b56a7xf8IJ8

# 以下属性中以ssl开头的属性代表与证书配置有关,其他属性请根据自己的需要进行配置。
server {
    listen 443 ssl;              #SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。
    server_name localhost;       #将localhost修改为您证书绑定的域名,例如:www.example.com。
    root html;
    index index.html index.htm;
    
    ssl_certificate     cert/domain name.pem;   #将domain name.pem替换成您证书的文件名。
    ssl_certificate_key cert/domain name.key;   #将domain name.key替换成您证书的密钥文件名。
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #使用此加密套件。
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #使用该协议进行配置。
    ssl_prefer_server_ciphers on;   

    location / {
        root html;   #站点目录。
        index index.html index.htm;   
    }
}

http 请求跳转到 https
server {
    listen 80;
    server_name localhost;                      # 将localhost修改为您证书绑定的域名,例如:www.example.com。
    rewrite ^(.*)$ https://$host$1 permanent;   # 将所有http请求通过rewrite重定向到https。
    location / {
        index index.html index.htm;
    }
}

支持反向代理的一份https配置参考
[root@nexus3 conf.d]# cat docker_images.conf 
upstream nexus_docker_get {
    server 127.0.0.1:8084;
}

upstream nexus_docker_put {
    server 127.0.0.1:8082;
}

server {
    listen               443 ssl;
    server_name          test.as4k.com;
   
    ssl_certificate      /nexus3/cert/test.com.crt;
    ssl_certificate_key  /nexus3/cert/test.com.key;
    ssl_session_timeout  5m;
    ssl_ciphers          ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
   
    client_max_body_size      0;
    chunked_transfer_encoding on;
   
    set $upstream "nexus_docker_put";
    if ( $request_method ~* 'GET') {
        set $upstream "nexus_docker_get";
    }

    if ($request_uri ~ '/search') {
        set $upstream "nexus_docker_put"; 
    }  

    index index.html index.htm index.php;
    location / {
        proxy_pass http://$upstream;
        proxy_set_header Host $host;
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto http;
    }
}


配置K8S Dashboard证书参考
[root@dpk1 conf.d]# cat /etc/nginx/conf.d/k8s.as4k.com.conf 

server {
    listen 443    ssl;                       
    server_name   k8s.as4k.com;
    root          html;
    index         index.html index.htm;
    
    ssl_certificate                /etc/nginx/cert/as4k.com.crt;  
    ssl_certificate_key            /etc/nginx/cert/as4k.com.key;  
    ssl_session_timeout            5m;
    ssl_ciphers                    ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; 
    ssl_protocols                  TLSv1 TLSv1.1 TLSv1.2;  
    ssl_prefer_server_ciphers      on;

    location / {
        proxy_pass                 https://127.0.0.1:30000;
        proxy_set_header Host      $host;
        proxy_connect_timeout      3600;
        proxy_send_timeout         3600;
        proxy_read_timeout         3600;
        proxy_set_header           X-Real-IP $remote_addr;
        proxy_buffering            off;
        proxy_request_buffering    off;
        proxy_set_header           X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header           X-Forwarded-Proto http;
    }
}

server {
    listen          80;
    server_name     k8s.as4k.com;
    rewrite ^(.*)$  https://$host$1 permanent;
}

别忘记在相应的域名管理平台把域名解析到对应的公网IP地址上去

xtest.as4k.top 证书记录

bogon:~ ndps$ cat /Users/ndps/Downloads/3797235_xtest.as4k.top_nginx/3797235_xtest.as4k.top.key
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAtMoQdbLDcgmRNYcCf8pfZ/Dp73oJCdAmIsCkdgxGSqqgRrxa
5JUsB+r5kYtV3qCJ+fl+LI7A5x7tIziNf8N3qxjp70iInMzoA5RvRdaHZJ+9JiFH
mbhcQJLFrTcNYWG9okIEKLPTCz8cIJDM9OuMGuTJMsqVQkBAEAHZwGqokoLByzej
SzKAv/bEYPC40/406/pYZh3CS1TydUo3VV8k+0PVKRR5aq3fjgh4av3608+b8yKS
k0vaqZfFE2Em1x4A6An8qMTOmb5EjZ9ybLIkzXUFJUplRNW4Mg6EzOdMkRgWt+60
A/o14576zac8krltSj9Ym71f0ZsTSvzz6hmJRQIDAQABAoIBADs7eOkXCLH0MH85
HLiBtYB4jizH7u4oJFZ+h2Ol4eHUxW5nh+Acf7CYa+wjmp62On6MH6q5mroeh9Ni
U/noMOz93KdpPFkjSWDi4RIgl3uAWpiDjtHudUsyy1FVGC0vuNHQj0xGnn6wzqZc
ysnz4pNtIf5iIUTziAm2kYFZcKGPaGmEBbsqffSP/sPh3Kp0CZ07xZHU/wSoWqHc
mZuTFL7Dy8nWF+PNAS1usW/gh06c7Ig/AbT9HrrugtYtyMFJ3XXxKfrYOP/bnz8o
FzAwKF3iABbgVyIHBOhk8Xwk69YffExjWCdnVGVKUaFVU6aYb4U/NnUsvdpZ4TC9
wDr3+oECgYEA5afEFJxIkaqShe2jVKml9oa5w69D0nua/MvTQDfrwvMWmGJ7lvDy
8yELoV3b+1+ds98pH+QDEYusQlufxvvGPeWf6tVlWXBniYuZsX8FNlUAt9G5WmOG
WV+lt6Y3Jzu6LLAymoVvyY1hFR9eOIUyEzcykkItVMrlUPr/PrPAuvcCgYEAyYdC
7CpVORwXtaETxnNlvTxdiwOaBaI81FkRiPLzYQ5etY4cG2UR2cwtsCc+VeDgs13a
C2+VnhmQvEV7kaf/Q5WBuY0lnI1uxuWz14e42PAgxfjCeRx3upWhVt3unrdIVFUw
Bw2d7kjnZn7kzrBLMIQvi1pJndOvU4uFU6FD8qMCgYBRX+7UtsPoCZ69ogS73RkX
j4mHUzUfAflbFgYWvTnm7CfXex370AjmKZFrbkyid7DzqWFzEWIc93bkVH77DP+j
sxfFKDQvSusFC9g70pxQMjJ87+1Tn+xdAs0/k7/7QOipKQ3lPt7rdhMuXt0N/fRO
ZsKenKBfaT10QlvrJdpm5QKBgAmqMfxvf0zQ2xY71l3zFNMBfR74mj9g63fnmZ6u
wBtMfCBK43Aw5a1DTIGhMC0gLsaLXrSjslI1uao9ztJKc0SDfAgxC7e5VLG3PGu+
t4+33GqCJpl2Uwugt28aD6KO+aoJt9buwT83Qdm5hjGfZMu72yfcuaEXENZ533gG
SOLvAoGARIB4hGOWlXwGILgZ8kv9gb0jjtdFqAlsUfRLMQ6iZGQscktJGboEEpfF
18ACLspxyXFHhQFtqZwINYTNx8tUm277lJ7/Jp3yhesf9fZxLeeS41J0ZVkmtBxI
ze+7IaDwJzvYhPQ+uArunSoeB08EV3H/wYFVaWW9sS7CkpWFZZY=
-----END RSA PRIVATE KEY-----






bogon:~ ndps$ cat /Users/ndps/Downloads/3797235_xtest.as4k.top_nginx/3797235_xtest.as4k.top.pem 
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgIQBjJIXC1E336tqWHS9/RraTANBgkqhkiG9w0BAQsFADBu
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
RFYgVExTIENBIC0gRzEwHhcNMjAwNDIwMDAwMDAwWhcNMjEwNDIwMTIwMDAwWjAZ
MRcwFQYDVQQDEw54dGVzdC5hczRrLnRvcDCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALTKEHWyw3IJkTWHAn/KX2fw6e96CQnQJiLApHYMRkqqoEa8WuSV
LAfq+ZGLVd6gifn5fiyOwOce7SM4jX/Dd6sY6e9IiJzM6AOUb0XWh2SfvSYhR5m4
XECSxa03DWFhvaJCBCiz0ws/HCCQzPTrjBrkyTLKlUJAQBAB2cBqqJKCwcs3o0sy
gL/2xGDwuNP+NOv6WGYdwktU8nVKN1VfJPtD1SkUeWqt344IeGr9+tPPm/MikpNL
2qmXxRNhJtceAOgJ/KjEzpm+RI2fcmyyJM11BSVKZUTVuDIOhMznTJEYFrfutAP6
NeOe+s2nPJK5bUo/WJu9X9GbE0r88+oZiUUCAwEAAaOCAnIwggJuMB8GA1UdIwQY
MBaAFFV0T7JyT/VgulDR1+ZRXJoBhxrXMB0GA1UdDgQWBBTu3hRsKYbzkwrtUf06
XrIWqCwyrTAZBgNVHREEEjAQgg54dGVzdC5hczRrLnRvcDAOBgNVHQ8BAf8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEwGA1UdIARFMEMwNwYJ
YIZIAYb9bAECMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNv
bS9DUFMwCAYGZ4EMAQIBMIGABggrBgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0
dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBKBggrBgEFBQcwAoY+aHR0cDovL2NhY2Vy
dHMuZGlnaWNlcnQuY29tL0VuY3J5cHRpb25FdmVyeXdoZXJlRFZUTFNDQS1HMS5j
cnQwCQYDVR0TBAIwADCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3APZclC/RdzAi
FFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABcZdaoi4AAAQDAEgwRgIhANGb6zSX
GYArav89ONLNNDfHgp7oJ8RRR5FE19ZYahBiAiEAwjJ0lkziXx3qBRNsFQyMGaiO
2RnXPd8DZpSm1NQlwZUAdQBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scO
ygAAAXGXWqJdAAAEAwBGMEQCIFCiG38FtnN7/3Yty+6h58tyzly6R9y4aVCkN3LF
Lad6AiADInzu+U1wT1d5dYD/a+jIvOZIbzEfETh6YlFtmEDuejANBgkqhkiG9w0B
AQsFAAOCAQEAL2w8S/QWh1CxjkatZ3iR4qbSngTB2EIU8YffW10h+PYwKfWBsA2L
UQ57Nu1jpQ371T8q8ZW9w4R2d6A86Kysqk5or2/ZNrWsbaUr7+ilc8B8yx4DgQ75
29Ijr2RwJvVblmPtuJ7yicT/2gZKteeM/wnqeCVOHugW1wOL+qUZ6OuM6GnsxBD5
rypFV6ZBJWo8HXCOLuXnFBgrDPpDddN3Qd8X/o8d1plc4dTns/fCJol2X4GReQWC
u0XXNqZq/7DvTmk41ATgNCwfXxzhkTbJq/w+UdvLEm5yzST2sVxmsBj+Y2xRqpHY
Q7bRm1QRks2q5xBN8lTWFfwIRVno79T8Xw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIQAnmsRYvBskWr+YBTzSybsTANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0xNzExMjcxMjQ2MTBaFw0yNzExMjcxMjQ2MTBaMG4xCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH
MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPeP6wkab41dyQh6mKc
oHqt3jRIxW5MDvf9QyiOR7VfFwK656es0UFiIb74N9pRntzF1UgYzDGu3ppZVMdo
lbxhm6dWS9OK/lFehKNT0OYI9aqk6F+U7cA6jxSC+iDBPXwdF4rs3KRyp3aQn6pj
pp1yr7IB6Y4zv72Ee/PlZ/6rK6InC6WpK0nPVOYR7n9iDuPe1E4IxUMBH/T33+3h
yuH3dvfgiWUOUkjdpMbyxX+XNle5uEIiyBsi4IvbcTCh8ruifCIi5mDXkZrnMT8n
wfYCV6v6kDdXkbgGRLKsR4pucbJtbKqIkUGxuZI2t7pfewKRc5nWecvDBZf3+p1M
pA8CAwEAAaOCAU8wggFLMB0GA1UdDgQWBBRVdE+yck/1YLpQ0dfmUVyaAYca1zAf
BgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C
AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu
Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG
/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAK3Gp6/aGq7aBZsxf/oQ+TD/B
SwW3AU4ETK+GQf2kFzYZkby5SFrHdPomunx2HBzViUchGoofGgg7gHW0W3MlQAXW
M0r5LUvStcr82QDWYNPaUy4taCQmyaJ+VB+6wxHstSigOlSNF2a6vg4rgexixeiV
4YSB03Yqp2t3TeZHM9ESfkus74nQyW7pRGezj+TC44xCagCQQOzzNmzEAP2SnCrJ
sNE2DpRVMnL8J6xBRdjmOsC3N6cQuKuRXbzByVBjCqAA8t1L0I+9wXJerLPyErjy
rMKWaBFLmfK/AHNF4ZihwPGOc7w6UHczBZXH5RFzJNnww+WnKuTPI0HfnVH8lg==
-----END CERTIFICATE-----


更换证书内容需要重启下nginx
Logo
脑启社区

脑启社区是一个专注类脑智能领域的开发者社区。欢迎加入社区,共建类脑智能生态。社区为开发者提供了丰富的开源类脑工具软件、类脑算法模型及数据集、类脑知识库、类脑技术培训课程以及类脑应用案例等资源。

更多推荐

cover

经典算力墙

avatar 脑启社区

生物计算中的多模态数据:提示工程架构师的AI提示融合方法

什么是生物多模态数据?它的融合难点在哪里?生物多模态数据是指来自不同生物层级、不同技术手段的异质数据模态类型数据形式示例核心价值分子模态序列/数值/结构基因组(DNA突变)、转录组(mRNA表达)、蛋白质组(3D结构)解释疾病的分子机制细胞/组织模态图像/单细胞矩阵病理切片(组织形态)、单细胞RNA-seq(细胞类型)连接分子与宏观表型临床模态文本/数值病历(年龄、吸烟史)、肿瘤标志物(CA125

avatar 脑启社区
cover

AI 算力竞赛白热化:GPU 之外,哪些硬件技术正在重塑行业格局?

avatar 脑启社区