化工本地接口调用将http改成https方法

化工平台本地接口是使用的http,想要更换为https,需要客户申请域名证书,通过以下方法更换证书,接口就可使用https调用;

  1. 切换到nginx安装目录
    [seekcy@joysuch softs]$ cd /home/seekcy/softs/
    [seekcy@joysuch softs]$ ll

  2. 上传nginx安装包
    nginx.tar.gz
    /attached/file/20221019/20221019142616_165.gz

  3. 复制nginx
    [seekcy@joysuch softs]$ mv nginx nginx_copy

  4. 解压nginx.tar.gz
    [seekcy@joysuch softs]$ tar -zxvf nginx.tar.gz

  5. 查看nginx进程并删除
    [seekcy@joysuch softs]$ ps -ef|grep nginx
    seekcy 14449 1 0 16:16 ? 00:00:00 nginx: master process /home/seekcy/softs/nginx/sbin/nginx -c /home/seekcy/softs/nginx/conf/nginx.conf
    seekcy 14450 14449 0 16:16 ? 00:00:00 nginx: worker process
    seekcy 15188 28640 0 16:26 pts/3 00:00:00 grep –color=auto nginx
    [seekcy@joysuch softs]$ kill -9 14449 14450

  6. 拷贝原始nginx 目录中的conf到新的nginx目录下
    mv /home/seekcy/softs/nginx/conf /home/seekcy/softs/nginx/conf_copy
    cp -r /home/seekcy/softs/nginx_copy/conf /home/seekcy/softs/nginx/

  7. nginx配置ssl证书部署
    下载申请好的 ssl 证书文件压缩包到本地并解压(这里是用的 pem 与 key 文件,文件名可以更改)。
    在 nginx 目录新建 cert 文件夹存放证书文件。

    1. 创建ssl存放目录
      [seekcy@joysuch sbin]$ cd /home/seekcy/softs/nginx/conf
      [seekcy@joysuch nginx]$ ll
      total 4
      drwx——. 2 seekcy seekcy 6 Oct 15 15:40 client_body_temp
      drwxrwxr-x. 3 seekcy seekcy 4096 Oct 18 16:37 conf
      drwx——. 2 seekcy seekcy 6 Nov 23 2020 fastcgi_temp
      drwxr-xr-x. 2 seekcy seekcy 40 Nov 23 2020 html
      drwxrwxr-x. 2 seekcy seekcy 58 Oct 15 15:14 logs
      drwx——. 3 seekcy seekcy 15 Oct 18 11:23 proxy_temp
      drwxrwxr-x. 2 seekcy seekcy 19 Nov 23 2020 sbin
      drwx——. 2 seekcy seekcy 6 Nov 23 2020 scgi_temp
      drwx——. 2 seekcy seekcy 6 Nov 23 2020 uwsgi_temp
      [seekcy@joysuch nginx]$ mkdir cert
      [seekcy@joysuch nginx]$ ll
      total 4
      drwxrwxr-x. 2 seekcy seekcy 6 Oct 18 16:59 cert
      drwx——. 2 seekcy seekcy 6 Oct 15 15:40 client_body_temp
      drwxrwxr-x. 3 seekcy seekcy 4096 Oct 18 16:37 conf
      drwx——. 2 seekcy seekcy 6 Nov 23 2020 fastcgi_temp
      drwxr-xr-x. 2 seekcy seekcy 40 Nov 23 2020 html
      drwxrwxr-x. 2 seekcy seekcy 58 Oct 15 15:14 logs
      drwx——. 3 seekcy seekcy 15 Oct 18 11:23 proxy_temp
      drwxrwxr-x. 2 seekcy seekcy 19 Nov 23 2020 sbin
      drwx——. 2 seekcy seekcy 6 Nov 23 2020 scgi_temp
      drwx——. 2 seekcy seekcy 6 Nov 23 2020 uwsgi_temp
      [seekcy@joysuch nginx]$
    1. 将ssl证书存放到目录下

-rwxr-xr-x 1 seekcy seekcy 1675 Jul 1 16:50 2021035__xxx.com.key
-rwxr-xr-x 1 seekcy seekcy 3725 Jul 1 16:50 2021035__xxx.com.pem
6. 3. 配置ssl请求参数
server {
listen 9999 ssl;
server_name sslrequest;
root html;
index index.html index.htm;
ssl_certificate cert/2021035__xxx.com.pem;
ssl_certificate_key cert/2021035__xxx.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
index index.html index.htm;
}
}
7. 重新加载nginx
./home/seekcy/softs/nginx/sbin/nginx -s reload
创建人:张光良

转载请注明作者和出处,并添加本页链接。
原文链接: //svn.seekcy.com:33382/460