使用自签名 SSL 证书设置 Nginx HTTPS.
It’s not recommended to use HTTPS without a valid SSL/TLS certificate. The certificate is used to encrypt communication between the server and client, and without a valid certificate, 连接不会加密并且容易受到攻击.
然而, if you still want to use HTTPS without a valid SSL/TLS certificate, 你可以通过使用来做到这一点 自签名证书 or a certificate issued by a private Certificate Authority (CA). 以下是使用 nginx 执行此操作的方法:
- Generate a self-signed certificate:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx-selfsigned.key -out /etc/nginx/ssl/nginx-selfsigned.crt
This command generates a self-signed certificate and key with a validity of 365 天并将它们保存到 /etc/nginx/ssl/nginx-selfsigned.key 和 /etc/nginx/ssl/nginx-selfsigned.crt 分别.
- Configure nginx to use the self-signed certificate:
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/ssl/nginx-selfsigned.crt;
ssl_certificate_key /etc/nginx/ssl/nginx-selfsigned.key;
# other server configurations
}此配置告诉 nginx 监听端口 443 (HTTPS) and use the self-signed certificate and key for SSL/TLS encryption.
请注意,默认情况下,自签名证书不受信任 Web 浏览器,当用户尝试访问时会出现警告消息 网站. 为了避免这种情况, you can install the self-signed certificate on the client devices or use a valid SSL/TLS certificate issued by a trusted CA.
