django rest framwork 爲了配合微信小程序的訪問,藉助nginx ssl 配置https
https 有兩部分組成:HTTP + SSL / TLS
#首先,cd 到你想生成證書、私鑰的路徑下面
#1.創建服務器證書密鑰文件 server.key:
openssl genrsa -des3 -out server.key 1024
#輸入密碼,確認密碼,自己隨便定義,但是要記住,後面會用到。
#2.創建服務器證書的申請文件 server.csr
openssl req -new -key server.key -out server.csr
#輸出內容爲:
#Enter pass phrase for root.key: ← 輸入前面創建的密碼
#Country Name (2 letter code) [AU]:CN ← 國家代號,中國輸入CN
#State or Province Name (full name) [Some-State]:BeiJing ← 省的全名,拼音
#Locality Name (eg, city) []:BeiJing ← 市的全名,拼音
#Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany Corp. ← 公司英文名
#Organizational Unit Name (eg, section) []: ← 可以不輸入
#Common Name (eg, YOUR name) []: ← 此時不輸入
#Email Address []:[email protected] ← 電子郵箱,可隨意填
#Please enter the following ‘extra’ attributes
#to be sent with your certificate request
#A challenge password []: ← 可以不輸入
#An optional company name []: ← 可以不輸入
#3.備份一份服務器密鑰文件
cp server.key server.key.org
#4.去除文件口令
openssl rsa -in server.key.org -out server.key
#5.生成證書文件server.crt
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
- 只允許 https的訪問
server {
listen 8010 ssl; #默認端口443,可以設爲自己想要的端口
server_name _;
ssl_certificate /home/hayley/nginx/server.crt; #證書
ssl_certificate_key /home/hayley/nginx/server.key; #私鑰
……
}
- 同時支持http,https
# 可以同時支持http,https的訪問,http會通過配置跳轉到https(http 80跳轉到https 443)
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
#……
#重啓nginx
service nginx start
參考:
nginx實現https網站設置
https://www.cnblogs.com/jingxiaoniu/p/6745254.html
Nginx配置Https
https://www.cnblogs.com/bincoding/p/6118270.html
Mozilla SSL Configuration Generator
https://mozilla.github.io/server-side-tls/ssl-config-generator/