凭证

Ubuntu Nginx 凭证 cert 建置常用指令

建立放凭证目录

sudo mkdir /etc/nginx/ssl

建立凭证

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan
Locality Name (eg, city) []:Taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company
Organizational Unit Name (eg, section) []:My Unit
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:kj@kejyun.com

加入凭证至设定档

server {
  listen 80 default_server;
  listen [::]:80 default_server;

  # 加入 SSL 设定
  listen 443 ssl default_server;
  listen [::]:443 ssl default_server;

  # 凭证与金钥的路径
  ssl_certificate /etc/nginx/ssl/nginx.crt;
  ssl_certificate_key /etc/nginx/ssl/nginx.key;

  # ...
}
sudo service nginx restart

参考资料