Nginx環境ssl配置+手動生成證書

原創

2020-06-21 00:08

1.配置https訪問：

yum install nginx httpd-tools
vim /etc/nginx/conf.d/docker-registry.conf

upstream docker-registry {
 server localhost:5000;
}
server {
 listen 8080;
 server_name registry.wmj.com;
 ssl on;
 ssl_certificate /etc/ssl/nginx.crt;
 ssl_certificate_key /etc/ssl/nginx.key;
 proxy_set_header Host       $http_host;   # required for Docker client sake
 proxy_set_header X-Real-IP  $remote_addr; # pass on real client IP
 client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
 chunked_transfer_encoding on;
 location / {
     # let Nginx know about our auth file
     auth_basic              "Docker";
     auth_basic_user_file    docker-registry.htpasswd;
     proxy_pass http://docker-registry;
 }
 location /_ping {
     auth_basic off;
     proxy_pass http://docker-registry;
 }
 location /v1/_ping {
     auth_basic off;
     proxy_pass http://docker-registry;
 }
}

# htpasswd -c docker-registry.htpassw wmj #生成http密碼

2.手動生成證書：

生成根證書
# cd /etc/pki/CA/
# touch ./{serial,index.txt}
# echo "00" > serial
爲CA生成一個私鑰
# openssl genrsa -out private/cakey.pem 2048
簽發CA證書
# openssl req -new -x509 -key private/cakey.pem -days 3650 cacert.pem

    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:Changsha
    Locality Name (eg, city) [Default City]:Changsha
    Organization Name (eg, company) [Default Company Ltd]:wmj
    Organizational Unit Name (eg, section) []:docker
    Common Name (eg, your name or your server's hostname) []:docker.wmj.com
    Email Address []:[email protected]

生成nginx的key:
# cd /etc/ssl/
# openssl genrsa -out nginx.key 2048
# openssl req -new -key nginx.key -out nginx.csr

    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:Changsha
    Locality Name (eg, city) [Default City]:Changsha
    Organization Name (eg, company) [Default Company Ltd]:wmj
    Organizational Unit Name (eg, section) []:docker
    Common Name (eg, your name or your server's hostname) []:registry.wmj.com
    Email Address []:[email protected]

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

簽發nginx證書：
# openssl ca -in nginx.csr -days 3650 -out nginx.crt     #按兩個Y

讓系統接受自簽發的證書：
# cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt

發表評論

所有評論

還沒有人評論，想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.

Nginx環境ssl配置+手動生成證書

1.配置https訪問：

2.手動生成證書：

Percona Monitoring Plugins for Zabbix

Cobbler自動化安裝 - 學習筆記

使用Nginx+Lua實現的WAF - 學習筆記

Saltstack實現Openstack管理

Nginx環境ssl配置+手動生成證書

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結