化工本地接口调用将http改成https方法
化工平台本地接口是使用的http,想要更换为https,需要客户申请域名证书,通过以下方法更换证书,接口就可使用https调用;
切换到nginx安装目录
[seekcy@joysuch softs]$ cd /home/seekcy/softs/
[seekcy@joysuch softs]$ ll上传nginx安装包
nginx.tar.gz
/attached/file/20221019/20221019142616_165.gz复制nginx
[seekcy@joysuch softs]$ mv nginx nginx_copy解压nginx.tar.gz
[seekcy@joysuch softs]$ tar -zxvf nginx.tar.gz查看nginx进程并删除
[seekcy@joysuch softs]$ ps -ef|grep nginx
seekcy 14449 1 0 16:16 ? 00:00:00 nginx: master process /home/seekcy/softs/nginx/sbin/nginx -c /home/seekcy/softs/nginx/conf/nginx.conf
seekcy 14450 14449 0 16:16 ? 00:00:00 nginx: worker process
seekcy 15188 28640 0 16:26 pts/3 00:00:00 grep –color=auto nginx
[seekcy@joysuch softs]$ kill -9 14449 14450拷贝原始nginx 目录中的conf到新的nginx目录下
mv /home/seekcy/softs/nginx/conf /home/seekcy/softs/nginx/conf_copy
cp -r /home/seekcy/softs/nginx_copy/conf /home/seekcy/softs/nginx/nginx配置ssl证书部署
下载申请好的 ssl 证书文件压缩包到本地并解压(这里是用的 pem 与 key 文件,文件名可以更改)。
在 nginx 目录新建 cert 文件夹存放证书文件。- 创建ssl存放目录
[seekcy@joysuch sbin]$ cd /home/seekcy/softs/nginx/conf
[seekcy@joysuch nginx]$ ll
total 4
drwx——. 2 seekcy seekcy 6 Oct 15 15:40 client_body_temp
drwxrwxr-x. 3 seekcy seekcy 4096 Oct 18 16:37 conf
drwx——. 2 seekcy seekcy 6 Nov 23 2020 fastcgi_temp
drwxr-xr-x. 2 seekcy seekcy 40 Nov 23 2020 html
drwxrwxr-x. 2 seekcy seekcy 58 Oct 15 15:14 logs
drwx——. 3 seekcy seekcy 15 Oct 18 11:23 proxy_temp
drwxrwxr-x. 2 seekcy seekcy 19 Nov 23 2020 sbin
drwx——. 2 seekcy seekcy 6 Nov 23 2020 scgi_temp
drwx——. 2 seekcy seekcy 6 Nov 23 2020 uwsgi_temp
[seekcy@joysuch nginx]$ mkdir cert
[seekcy@joysuch nginx]$ ll
total 4
drwxrwxr-x. 2 seekcy seekcy 6 Oct 18 16:59 cert
drwx——. 2 seekcy seekcy 6 Oct 15 15:40 client_body_temp
drwxrwxr-x. 3 seekcy seekcy 4096 Oct 18 16:37 conf
drwx——. 2 seekcy seekcy 6 Nov 23 2020 fastcgi_temp
drwxr-xr-x. 2 seekcy seekcy 40 Nov 23 2020 html
drwxrwxr-x. 2 seekcy seekcy 58 Oct 15 15:14 logs
drwx——. 3 seekcy seekcy 15 Oct 18 11:23 proxy_temp
drwxrwxr-x. 2 seekcy seekcy 19 Nov 23 2020 sbin
drwx——. 2 seekcy seekcy 6 Nov 23 2020 scgi_temp
drwx——. 2 seekcy seekcy 6 Nov 23 2020 uwsgi_temp
[seekcy@joysuch nginx]$
- 创建ssl存放目录
- 将ssl证书存放到目录下
-rwxr-xr-x 1 seekcy seekcy 1675 Jul 1 16:50 2021035__xxx.com.key
-rwxr-xr-x 1 seekcy seekcy 3725 Jul 1 16:50 2021035__xxx.com.pem
6. 3. 配置ssl请求参数
server {
listen 9999 ssl;
server_name sslrequest;
root html;
index index.html index.htm;
ssl_certificate cert/2021035__xxx.com.pem;
ssl_certificate_key cert/2021035__xxx.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
index index.html index.htm;
}
}
7. 重新加载nginx
./home/seekcy/softs/nginx/sbin/nginx -s reload
创建人:张光良
转载请注明作者和出处,并添加本页链接。
原文链接:
//svn.seekcy.com:33382/460