Настройка на Nginx HTTPS със самоподписан SSL сертификат.
It’s not recommended to use HTTPS without a valid SSL/TLS certificate. Сертификатът се използва за криптиране на комуникацията между сървъра и клиента, и без валиден сертификат, the connection will not be encrypted and will be vulnerable to attacks.
въпреки това, if you still want to use HTTPS without a valid SSL/TLS certificate, you can do so by using a self-signed certificate or a certificate issued by a private Certificate Authority (CA). Here’s how to do it using nginx:
- Generate a self-signed certificate:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx-selfsigned.key -out /etc/nginx/ssl/nginx-selfsigned.crt
This command generates a self-signed certificate and key with a validity of 365 days and saves them to /etc/nginx/ssl/nginx-selfsigned.key
и /etc/nginx/ssl/nginx-selfsigned.crt
respectively.
- Configure nginx to use the self-signed certificate:
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt;
ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;
# other server configurations
}
This configuration tells nginx to listen on port 443 (HTTPS) and use the self-signed certificate and key for SSL/TLS encryption.
Note that self-signed certificates are not trusted by default by web browsers and will result in a warning message when a user tries to access the website. За да се избегне това, you can install the self-signed certificate on the client devices or use a valid SSL/TLS certificate issued by a trusted CA.