标签:
可以在网上买一个, 或者自己做一个.
这里有一个shell脚本可以自动生成证书:
#!/bin/sh # create self-signed server certificate: read -p "Enter your domain [www.example.com]: " DOMAIN echo "Create server key..." openssl genrsa -des3 -out $DOMAIN.key 1024 echo "Create server certificate signing request..." SUBJECT="/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=$DOMAIN" openssl req -new -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csr echo "Remove password..." mv $DOMAIN.key $DOMAIN.origin.key openssl rsa -in $DOMAIN.origin.key -out $DOMAIN.key echo "Sign SSL certificate..." openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt
假设得到了两个文件: a.com.crt
, a.com.key
假设Leanote运行的端口是9000, 域名为a.com, 那么nginx.conf可以配置如下:
# 本配置只有http部分, 不全 http { include /etc/nginx/mime.types; default_type application/octet-stream; upstream a.com { server localhost:9000; } # http server { listen 80; server_name a.com; # 强制https # 如果不需要, 请注释这一行rewrite rewrite ^/(.*) https://jp_linode2.com/$1 permanent; location / { proxy_pass http://a.com; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } # https server { listen 443 ssl; server_name a.com; ssl_certificate /root/a.com.crt; # 修改路径, 到a.com.crt, 下同 ssl_certificate_key /root/a.com.key; location / { proxy_pass http://a.com; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } }
标签:
原文地址:http://my.oschina.net/lifephp/blog/508237