開發時需要測試 ssl 的功能或配置結果但不需要真的 ssl 證書時,我們可以生成自己的 ssl 配置在本機使用 https 連入。
生成證書
| openssl req -nodes -newkey rsa:2048 -sha256 -keyout server.key -out server.csr |
| |
| |
| |
| |
| |
| openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt |
Nginx config
| server { |
| listen 443; |
| listen [::]:443; |
| server_name ssl.local; |
| |
| location / { |
| root /usr/share/nginx/html; |
| index index.html index.htm; |
| } |
| |
| ssl on; |
| ssl_certificate_key /etc/nginx/ssl/server.key; |
| ssl_certificate /etc/nginx/ssl/server.crt; |
| |
| location ~ /\.ht { |
| deny all; |
| } |
| } |
Apache Config
| <VirtualHost *:443> |
| ServerName ssl.local |
| DocumentRoot /var/www/ssl/ |
| |
| SSLEngine on |
| SSLCertificateKeyFile /usr/local/apache2/conf/server.key |
| SSLCertificateFile /usr/local/apache2/conf/server.crt |
| SSLCertificateChainFile /usr/local/apache2/conf/server.crt |
| |
| <Directory "/var/www/ssl/"> |
| Options Indexes FollowSymLinks |
| AllowOverride None |
| Require all granted |
| </Directory> |
| </VirtualHost> |
沒有留言:
張貼留言