{"id":814,"date":"2023-09-04T13:57:25","date_gmt":"2023-09-04T05:57:25","guid":{"rendered":"http:\/\/gjweb.top\/?p=814"},"modified":"2023-09-04T13:57:26","modified_gmt":"2023-09-04T05:57:26","slug":"nginx-%e9%85%8d%e7%bd%ae-https-%e7%8e%af%e5%a2%83","status":"publish","type":"post","link":"https:\/\/gjweb.top\/?p=814","title":{"rendered":"nginx \u914d\u7f6e https \u73af\u5883"},"content":{"rendered":"\n

\u4ee5\u817e\u8baf ssl \u7533\u8bf7\u4e3a\u4f8b,\u4ece 0 \u5f00\u59cb\u914d\u7f6e https ;<\/p>\n\n\n\n

\u817e\u8baf\u4e91\u7533\u8bf7ssl\u8bc1\u4e66<\/h2>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n

\u7533\u8bf7\u514d\u8d39\u7684ssl\u8bc1\u4e66,\u8d70\u5b8c\u5411\u5bfc,\u83b7\u5f97\u8bc1\u4e66\u4fe1\u606f,\u4e0b\u8f7d nginx \u8bc1\u4e66<\/p>\n\n\n\n

\u8bc1\u4e66\u6587\u4ef6\u5305\u62ec<\/p>\n\n\n\n

  • \u57df\u540d.csr<\/li>
  • \u57df\u540d.key<\/li>
  • \u57df\u540d_bundle.crt<\/li>
  • \u57df\u540d_bundle.pem<\/li><\/ul>\n\n\n\n
    \n\n\n\n

    nginx\u914d\u7f6e<\/h2>\n\n\n\n

    \u5728\u5b89\u88c5 nginx \u9ed8\u8ba4\u662f\u6ca1\u6709 https \u6a21\u5757\u7684,\u9700\u8981\u91cd\u65b0\u5b89\u88c5<\/p>\n\n\n\n

    \u67e5\u770b\u670d\u52a1\u5668nginx\u7248\u672c<\/h3>\n\n\n\n
    .\/sbin\/nginx -V<\/code><\/pre>\n\n\n\n
    \u4ee5 1.14.0 \u4e3a\u4f8b\u5b89\u88c5\u6e90\u7801\u5305<\/p>\n\n\n\n
    wget https:\/\/nginx.org\/download\/nginx-1.14.0.tar.gz <\/code><\/pre>\n\n\n\n
    \u89e3\u538b<\/p>\n\n\n\n
    unzip nginx-1.14.0.tar.gz <\/code><\/pre>\n\n\n\n
    \u8fdb\u5165 nginx-1.14.0 , \u914d\u7f6e<\/p>\n\n\n\n
    .\/configure --prefix=\/usr\/local\/nginx --with-http_stub_status_module --with-http_ssl_module<\/code><\/pre>\n\n\n\n
    \u6267\u884c<\/p>\n\n\n\n
    make<\/code><\/pre>\n\n\n\n
    \u5907\u4efd\u539f\u6709\u7684\u5b89\u88c5<\/p>\n\n\n\n
    cp \/usr\/local\/nginx\/sbin\/nginx \/usr\/local\/nginx\/sbin\/nginx.bak<\/code><\/pre>\n\n\n\n
    \u7f16\u8bd1\u597d\u7684nginx\u8986\u76d6\u6389\u539f\u6709\u7684nginx<\/p>\n\n\n\n
    cp .\/objs\/nginx \/usr\/local\/nginx\/sbin\/<\/code><\/pre>\n\n\n\n
    \u5c06 \u4e0b\u8f7d\u7684\u6587\u4ef6\u5939 \u57df\u540d_bundle.crt \u548c \u57df\u540d.key \u4e24\u4e2a\u6587\u4ef6\u653e\u5728 nginx \u6839\u76ee\u5f55\uff0c\u5728 nginx.config \u4e2d\u6dfb\u52a0\u914d\u7f6e<\/p>\n\n\n\n
    server {
            #SSL \u9ed8\u8ba4\u8bbf\u95ee\u7aef\u53e3\u53f7\u4e3a 443
            listen 443 ssl; 
            #\u8bf7\u586b\u5199\u7ed1\u5b9a\u8bc1\u4e66\u7684\u57df\u540d
            server_name \u57df\u540d; 
            #\u8bf7\u586b\u5199\u8bc1\u4e66\u6587\u4ef6\u7684\u76f8\u5bf9\u8def\u5f84\u6216\u7edd\u5bf9\u8def\u5f84
            ssl_certificate \u57df\u540d_bundle.crt; 
            #\u8bf7\u586b\u5199\u79c1\u94a5\u6587\u4ef6\u7684\u76f8\u5bf9\u8def\u5f84\u6216\u7edd\u5bf9\u8def\u5f84
            ssl_certificate_key \u57df\u540d.key; 
            ssl_session_timeout 5m;
            #\u8bf7\u6309\u7167\u4ee5\u4e0b\u534f\u8bae\u914d\u7f6e
            ssl_protocols TLSv1.2 TLSv1.3; 
            #\u8bf7\u6309\u7167\u4ee5\u4e0b\u5957\u4ef6\u914d\u7f6e\uff0c\u914d\u7f6e\u52a0\u5bc6\u5957\u4ef6\uff0c\u5199\u6cd5\u9075\u5faa openssl \u6807\u51c6\u3002
            ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
            ssl_prefer_server_ciphers on;
            location \/ {
                #\u7f51\u7ad9\u4e3b\u9875\u8def\u5f84\u3002\u6b64\u8def\u5f84\u4ec5\u4f9b\u53c2\u8003\uff0c\u5177\u4f53\u8bf7\u60a8\u6309\u7167\u5b9e\u9645\u76ee\u5f55\u64cd\u4f5c\u3002
                #\u4f8b\u5982\uff0c\u60a8\u7684\u7f51\u7ad9\u4e3b\u9875\u5728 Nginx \u670d\u52a1\u5668\u7684 \/etc\/www \u76ee\u5f55\u4e0b\uff0c\u5219\u8bf7\u4fee\u6539 root \u540e\u9762\u7684 html \u4e3a \/etc\/www\u3002
                root html; 
                index  index.html index.htm;
            }
        }<\/code><\/pre>\n\n\n\n
    \u91cd\u542fnginx<\/p>\n\n\n\n
    .\/sbin\/nginx -s reload<\/code><\/pre>\n\n\n\n
    \n\n\n\n
    \u914d\u7f6e\u597d\u540e\u65e0\u6cd5\u901a\u8fc7 https \u8bbf\u95ee<\/h2>\n\n\n\n
    \u5b89\u88c5 nmap<\/p>\n\n\n\n
    yum install nmap<\/code><\/pre>\n\n\n\n
    \u4f7f\u7528 nmap \u626b\u63cf80\u548c443\u7aef\u53e3<\/p>\n\n\n\n
     nmap -Pn IP -p 80,443<\/code><\/pre>\n\n\n\n
    \u5982\u679c\u76d1\u542c\u5230 443 \u7aef\u53e3\u65f6\u5173\u95ed\u72b6\u6001\uff0c\u5982\u4e0b\u56fe\u6240\u793a<\/p>\n\n\n\n
    \"\"\/<\/div><\/figure>\n\n\n\n
    \u89e3\u51b3\u65b9\u6848\u4e00\uff1a<\/p>\n\n\n\n
    \u5f3a\u5236\u505c\u6b62nginx \u624b\u52a8\u542f\u52a8<\/p>\n\n\n\n
    .\/sbin\/nginx -s stop
    .\/sbin\/nginx <\/code><\/pre>\n\n\n\n
    \u91cd\u65b0\u626b\u63cf\uff0c\u67e5\u770b433\u662f\u5426\u5f00\u542f<\/p>\n\n\n\n
    \u89e3\u51b3\u65b9\u6848\u4e8c\uff1a<\/p>\n\n\n\n
    \u5982\u679c\u65b9\u6848\u4e00\u65e0\u6548\uff0c\u8bf7\u68c0\u67e5\u670d\u52a1\u5668\u662f\u5426\u5f00\u542f\u72b6\u6001\uff0c\u53ef\u4ee5\u5173\u95ed\u9632\u706b\u5899<\/p>\n\n\n\n
    sudo systemctl stop firewalld  \/*\u505c\u6b62\u670d\u52a1*\/
    sudo systemctl disable firewalld \/*\u7981\u7528\u9632\u706b\u5899\u670d\u52a1\uff0c\u9632\u6b62\u5f00\u673a\u81ea\u542f*\/
    sudo systemctl status firewalld \/*\u68c0\u67e5\u9632\u706b\u5899\u670d\u52a1\u72b6\u6001*\/<\/code><\/pre>\n\n\n\n
    \u89e3\u51b3\u65b9\u6848\u4e09\uff1a<\/p>\n\n\n\n
    \u5982\u679c\u65b9\u6848\u4e00\u548c\u4e8c\u90fd\u65e0\u6548\u53ef\u4ee5\u5c1d\u8bd5\uff0c\u5c06443\u7aef\u53e3\u6dfb\u52a0\u5230\u9632\u706b\u5899\u4e2d<\/p>\n\n\n\n
    \/*\u6dfb\u52a0\u4e00\u4e2a\u6c38\u4e45\u7684\u89c4\u5219\uff0c\u5141\u8bb8 TCP \u8fde\u63a5\u901a\u8fc7 443 \u7aef\u53e3\u3002*\/
    sudo firewall-cmd --zone=public --add-port=443\/tcp --permanent
    \/*\u91cd\u542f\u9632\u706b\u5899*\/
    sudo firewall-cmd --reload
    \/*\u67e5\u770b\u7aef\u53e3\u8fd0\u884c\u72b6\u6001*\/
    sudo firewall-cmd --zone=public --list-ports<\/code><\/pre>\n\n\n\n
    \u89e3\u51b3\u65b9\u6848\u56db<\/p>\n\n\n\n
    \u67e5\u770b\u670d\u52a1\u5668\u4e91\u5382\u5546\u7684\u5b89\u5168\u7ec4\u65f6\u5019\u5141\u8bb8\u4e86 443 \u7aef\u53e3\u8bbf\u95ee;<\/p>\n","protected":false},"excerpt":{"rendered":"
    \u4ee5\u817e\u8baf ssl \u7533\u8bf7\u4e3a\u4f8b,\u4ece 0 \u5f00\u59cb\u914d\u7f6e https ; \u817e\u8baf\u4e91\u7533\u8bf7ssl\u8bc1\u4e66 \u7533\u8bf7\u514d\u8d39\u7684ssl\u8bc1\u4e66,\u8d70\u5b8c\u5411 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[67],"tags":[],"class_list":["post-814","post","type-post","status-publish","format-standard","hentry","category-nginx"],"_links":{"self":[{"href":"https:\/\/gjweb.top\/index.php?rest_route=\/wp\/v2\/posts\/814","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gjweb.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gjweb.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gjweb.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gjweb.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=814"}],"version-history":[{"count":1,"href":"https:\/\/gjweb.top\/index.php?rest_route=\/wp\/v2\/posts\/814\/revisions"}],"predecessor-version":[{"id":815,"href":"https:\/\/gjweb.top\/index.php?rest_route=\/wp\/v2\/posts\/814\/revisions\/815"}],"wp:attachment":[{"href":"https:\/\/gjweb.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=814"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gjweb.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=814"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gjweb.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=814"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}