\u5fae\u4fe1\u5c0f\u7a0b\u5e8f\u4e0d\u4ec5\u8981\u6c42\u5fc5\u987b\u662fHTTPS\u548cWSS\uff0c\u8fd8\u8981\u6c42URL\u91cc\u4e0d\u80fd\u6709\u7aef\u53e3\u53f7\u3002<\/p>\n
\u5e38\u89c1\u7684\u670d\u52a1\u5668\u6709\u4e09\u79cd\uff1a<\/p>\n
\u8fd9\u4e09\u79cd\u670d\u52a1\u5668\u90fd\u53ef\u4ee5\u914d\u7f6ehttps\uff0c\u4f46\u662f\u6ca1\u5fc5\u8981\u5168\u90e8\u77e5\u9053\uff0c\u56e0\u4e3aNginx\u53ef\u4ee5\u8d77\u5230\u53cd\u5411\u4ee3\u7406\u7684\u4f5c\u7528\uff0c\u4f1a\u914d\u7f6eNginx\u5c31\u8db3\u591f\u4e86\u3002<\/p>\n
HTTP\u534f\u8bae\u9ed8\u8ba4\u7aef\u53e3\u53f7\u662f80\uff0cHTTPS\u9ed8\u8ba4\u7aef\u53e3\u53f7\u662f443\u3002
\nHTTPS\u534f\u8bae=HTTP+SSL\uff0c\u800cSSL\u662f\u57fa\u4e8e\u516c\u94a5\u52a0\u5bc6\u7b97\u6cd5\u7684\u3002\u5f53\u6211\u4eec\u8bbf\u95ee\u4e00\u4e2a\u4f7f\u7528\u4e86HTTPS\u7684\u7f51\u7ad9\u65f6\uff0c\u8fd9\u4e2a\u7f51\u7ad9\u5c06\u5b83\u7684\u516c\u94a5\u544a\u77e5\u6d4f\u89c8\u5668\uff0c\u6d4f\u89c8\u5668\u5728\u53d1\u9001\u8bf7\u6c42\u6570\u636e\u65f6\u4f1a\u4f7f\u7528\u516c\u94a5\u5bf9\u6570\u636e\u8fdb\u884c\u52a0\u5bc6\uff0c\u8fd9\u6837\u4e00\u6765\u5c31\u4e0d\u6015\u6709\u4eba\u76d1\u542c\u6570\u636e\u5305\u4e86\uff0c\u56e0\u4e3a\u53ea\u6709\u62e5\u6709\u79c1\u94a5\uff0c\u624d\u80fd\u591f\u201c\u7406\u89e3\u201d\u8fd9\u4e9b\u6570\u636e\u5305\u3002
\n\u5bf9\u4e8e\u666e\u901a\u7684HTTP\u6570\u636e\u5305\uff0c\u90fd\u662f\u672a\u52a0\u5bc6\u7684\uff0c\u5f88\u5bb9\u6613\u88ab\u76d1\u542c\u3002\u6bd4\u5982\uff0c\u5f53\u6211\u4eec\u8fde\u4e0a\u4e00\u4e2awifi\u540e\uff0c\u6211\u4eec\u7684\u4e00\u5207\u6d41\u91cf\u90fd\u7528\u4ece\u8def\u7531\u5668\u4e0a\u7ecf\u8fc7\uff0c\u8fd9\u4e2a\u8def\u7531\u5668\u63a5\u4e0a\u6293\u5305\u8f6f\u4ef6\u5c31\u80fd\u591f\u770b\u5230\u4e00\u5207\uff0c\u4e0d\u52a0\u5bc6\u7684\u6570\u636e\u5305\u7b80\u76f4\u76f8\u5f53\u4e8e\u88f8\u5954\uff01\u6240\u4ee5\uff0c\u4e0d\u8981\u8d2a\u56fe\u4fbf\u5b9c\u8fde\u63a5\u4e0d\u77e5\u6765\u6e90\u7684wifi\uff0c\u66f4\u4e0d\u8981\u5728\u4e0d\u4fe1\u4efb\u7684wifi\u4e0b\u586b\u5199\u5bc6\u7801\u8868\u5355\uff0c\u90a3\u6837\u5f88\u5bb9\u6613\u6cc4\u9732\u4e2a\u4eba\u4fe1\u606f\u3002\u800cHTTPS\u534f\u8bae\u80fd\u591f\u5927\u5927\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u3002<\/p>\n
\u5bf9\u4e8e\u4e00\u4e2a\u73b0\u4ee3\u5316\u7684\u7f51\u7ad9\uff0c\u5982\u679c\u62e5\u6709\u81ea\u5df1\u7684\u7528\u6237\uff0c\u90a3\u4e48\u5c31\u4e00\u5b9a\u6709\u4f7f\u7528HTTPS\u7684\u5fc5\u8981\u3002\u8981\u5168\u7f51\u7ad9\u90fd\u662f\u7528HTTPS\u800c\u4e0d\u662f\u90e8\u5206\u94fe\u63a5\u4f7f\u7528HTTPS\uff0c\u56e0\u4e3a\u8bbf\u95eeHTTP\u94fe\u63a5\u7684\u65f6\u5019\u643a\u5e26\u7740\u8ddf\u8bbf\u95eeHTTPS\u94fe\u63a5\u65f6\u4e00\u6a21\u4e00\u6837\u7684cookie\uff0c\u8fd9\u5c31\u6709\u53ef\u80fd\u6cc4\u9732sessionId\uff0c\u800c\u6cc4\u9732sessionID\u8ddf\u6cc4\u9732\u5bc6\u7801\u5dee\u4e0d\u592a\u591a\u3002<\/p>\n
HTTPS\u5e76\u975e\u767e\u5229\u800c\u65e0\u4e00\u5bb3\uff0c\u5b83\u5bf9\u670d\u52a1\u5668\u6027\u80fd\u63d0\u51fa\u4e86\u66f4\u9ad8\u7684\u8981\u6c42\u3002\u56e0\u4e3a\u52a0\u5bc6\u3001\u89e3\u5bc6\u7684\u8fc7\u7a0b\u4e5f\u662f\u4e00\u4e2a\u4e0d\u53ef\u5ffd\u7565\u7684\u6027\u80fd\u6d88\u8017\u3002<\/p>\n
\u83b7\u53d6SSL\u8bc1\u4e66\uff0c\u6700\u7b80\u5355\u3001\u6700\u6b63\u786e\u7684\u59ff\u52bf\u662f\u4f7f\u7528\u817e\u8baf\u4e91\uff0c\u7533\u8bf7SSL\uff0c\u8fd9\u4e2a\u8fc7\u7a0b\u662f\u514d\u8d39\u7684\uff0c\u5e76\u4e14\u4e0d\u9700\u8981\u4efb\u4f55\u547d\u4ee4\u884c\u3002 \u5982\u679c\u4e0d\u60f3\u4e86\u89e3\u66f4\u591a\u5173\u4e8e\u8bc1\u4e66\u7684\u5185\u5bb9\uff0c\u53ef\u4ee5\u8df3\u8fc7\u4e0b\u9762\u3002<\/p>\n \u914d\u7f6e\u4e00\u4e2aHTTPS\u670d\u52a1\u6240\u9700\u8981\u7684\u8bc1\u4e66\u5305\u62ec\u51e0\u4e2a\u90e8\u5206\uff1a<\/p>\n \u521b\u5efa\u8bc1\u4e66\u7684\u57fa\u672c\u6d41\u7a0b\u662f\u8fd9\u6837\uff1a<\/p>\n \u81ea\u5df1\u751f\u6210\u8bc1\u4e66\u6700\u5927\u7684\u574f\u5904\u5c31\u662f\uff0c\u8bbf\u95ee\u6b64\u7f51\u7ad9\u65f6\uff0c\u6d4f\u89c8\u5668\u4f1a\u63d0\u793a\u8bc1\u4e66\u4e0d\u53d7\u4fe1\u4efb\u3002<\/p>\n \u7b2c3\u4e2a\u547d\u4ee4\u662f\u751f\u6210\u8bc1\u4e66\u8bf7\u6c42\uff0c\u4f1a\u63d0\u793a\u8f93\u5165\u7701\u4efd\u3001\u57ce\u5e02\u3001\u57df\u540d\u4fe1\u606f\u7b49\uff0c\u91cd\u8981\u7684\u662f\uff0cemail\u4e00\u5b9a\u8981\u662f\u4f60\u7684\u57df\u540d\u540e\u7f00\u7684\u3002\u8fd9\u6837\u5c31\u6709\u4e00\u4e2a csr \u6587\u4ef6\u4e86\uff0c\u63d0\u4ea4\u7ed9 ssl \u63d0\u4f9b\u5546\u7684\u65f6\u5019\u5c31\u662f\u8fd9\u4e2a csr \u6587\u4ef6\u3002\u5f53\u7136\u6211\u8fd9\u91cc\u5e76\u6ca1\u6709\u5411\u8bc1\u4e66\u63d0\u4f9b\u5546\u7533\u8bf7\uff0c\u800c\u662f\u5728\u7b2c4\u6b65\u81ea\u5df1\u7b7e\u53d1\u4e86\u8bc1\u4e66\u3002<\/p>\n \u5728\/etc\/nginx\/conf.d\u76ee\u5f55\u4e0b\u65b0\u5efahttps.conf<\/p>\n \u6b64\u6587\u4ef6\u5305\u542b\u4e24\u90e8\u5206\uff0c\u7b2c\u4e00\u90e8\u5206\u914d\u7f6ewss\uff0c\u7b2c\u4e8c\u90e8\u5206\u914d\u7f6ehttps<\/p>\n \u4e3e\u4f8b\uff1a\u5c06\u8bbf\u95ee\u76ee\u5f55 \\services\u00a0\u7531http\u8bbf\u95ee \u91cd\u5b9a\u5411\u5230 https \uff08\u89e3\u51b3\u65b9\u6cd5\uff1anginx rewrite \u52a0\u4e0a location \u65b9\u5f0f\u5b9e\u73b0\uff09<\/p>\n nginx -t \u547d\u4ee4\u6d4b\u8bd5\u4e00\u4e0b tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN (\u6709\u770b\u5230\u8fd9\u4e00\u884c \u5c31\u8868\u793aHTTPS\u5df2\u7ecf\u5728\u5de5\u4f5c\u4e86)<\/p>\n \u5b98\u7f51\u6587\u6863http:\/\/nginx.org\/en\/docs\/http\/websocket.htm \u5fae\u4fe1\u5c0f\u7a0b\u5e8f\u4e0d\u4ec5\u8981\u6c42\u5fc5\u987b\u662fHTTPS\u548cWSS\uff0c\u8fd8\u8981\u6c42URL\u91cc\u4e0d\u80fd\u6709\u7aef\u53e3\u53f7\u3002 \u4e00\u3001\u4f7f\u7528Nginx\u8db3\u591f\u4e86 \u5e38\u89c1\u7684\u670d\u52a1 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[73,74],"class_list":["post-1038","post","type-post","status-publish","format-standard","hentry","category-linux","tag-https","tag-wss"],"_links":{"self":[{"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=\/wp\/v2\/posts\/1038","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1038"}],"version-history":[{"count":1,"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=\/wp\/v2\/posts\/1038\/revisions"}],"predecessor-version":[{"id":1039,"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=\/wp\/v2\/posts\/1038\/revisions\/1039"}],"wp:attachment":[{"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1038"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1038"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1038"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n\u94fe\u63a5\u5982\u4e0b\uff1a
\nhttps:\/\/www.qcloud.com\/product\/ssl<\/a><\/p>\n\u8bc1\u4e66\u7ed3\u6784<\/h3>\n
\n
\n
\u81ea\u5df1\u751f\u6210\u8bc1\u4e66\uff08\u5373\u516c\u79c1\u94a5\uff09<\/h3>\n
# 1\u3001\u9996\u5148\uff0c\u8fdb\u5165\u4f60\u60f3\u521b\u5efa\u8bc1\u4e66\u548c\u79c1\u94a5\u7684\u76ee\u5f55\uff0c\u4f8b\u5982\uff1a\r\ncd \/etc\/nginx\/\r\n\r\n# 2\u3001\u521b\u5efa\u670d\u52a1\u5668\u79c1\u94a5\uff0c\u547d\u4ee4\u4f1a\u8ba9\u4f60\u8f93\u5165\u4e00\u4e2a\u53e3\u4ee4\uff1a\r\nopenssl genrsa -des3 -out server.key 1024\r\n\u8fd9\u53e5\u8bdd\u751f\u6210server.key\uff0c\u8fd9\u4e2a\u6587\u4ef6\u957f\u5ea6\u4e3a1024\u5b57\u8282\uff0c\u8fd9\u5c31\u662f\u79c1\u94a5\uff0c\u662f\u670d\u52a1\u5668\u7528\u6765\u89e3\u7801\u7528\u6237\u8bf7\u6c42\u7684\u5b9d\u8d1d\u3002\r\n\r\n# 3\u3001\u521b\u5efa\u7b7e\u540d\u8bf7\u6c42\u7684\u8bc1\u4e66\uff08CSR\uff09\uff1a\r\nopenssl req -new -key server.key -out server.csr\r\n\r\n# 4\u3001\u5728\u52a0\u8f7dSSL\u652f\u6301\u7684Nginx\u5e76\u4f7f\u7528\u4e0a\u8ff0\u79c1\u94a5\u65f6\u9664\u53bb\u5fc5\u987b\u7684\u53e3\u4ee4\uff1a\r\ncp server.key server.key.org\r\nopenssl rsa -in server.key.org -out server.key\r\n\r\n\r\n# 5\u3001\u6700\u540e\u6807\u8bb0\u8bc1\u4e66\u4f7f\u7528\u4e0a\u8ff0\u79c1\u94a5\u548cCSR\uff1a\r\nopenssl x509 -req -days 365 -in server.csr -signkey server.key -out server.c<\/pre>\n
\u56db\u3001\u914d\u7f6eNginx<\/h2>\n
upstream websocket{\r\n server weiyinfu.cn:8080;\r\n}\r\nupstream web{\r\n server weiyinfu.cn:8080;\r\n}\r\nserver {\r\n listen 443;\r\n server_name weiyinfu.cn;\r\n\r\n ssl on;\r\n ssl_certificate \/etc\/nginx\/weiyinfu.cn\/Nginx\/1_weiyinfu.cn_bundle.crt;\r\n ssl_certificate_key \/etc\/nginx\/weiyinfu.cn\/Nginx\/2_weiyinfu.cn.key;\r\n\r\n ssl_session_timeout 5m;\r\n ssl_session_cache shared:SSL:50m;\r\n ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv2 SSLv3;\r\n ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;\r\n ssl_prefer_server_ciphers on;\r\n\r\n location \/wss {\r\n access_log \/var\/log\/nginx\/come-websocket.log;\r\n proxy_pass http:\/\/websocket\/; # \u4ee3\u7406\u5230\u4e0a\u9762\u7684\u5730\u5740\u53bb\r\n proxy_read_timeout 60s;\r\n proxy_set_header Host $host;\r\n proxy_set_header X-Real_IP $remote_addr;\r\n proxy_set_header X-Forwarded-for $remote_addr;\r\n proxy_http_version 1.1;\r\n proxy_set_header Upgrade $http_upgrade;\r\n proxy_set_header Connection 'Upgrade';\r\n }\r\n\r\n location \/ {\r\n #root html;\r\n #index testssl.html index.html index.htm;\r\n access_log \/var\/log\/nginx\/https-reverse.log;\r\n proxy_redirect off;\r\n proxy_set_header Host $host;\r\n proxy_set_header X-Real-IP $remote_addr;\r\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\r\n proxy_pass http:\/\/weiyinfu.cn\/;\r\n }\r\n}<\/pre>\n\u4e94\u3001\u5c06http\u91cd\u5b9a\u5411\u5230https<\/h2>\n
server { \r\n listen 192.168.1.111:80; \r\n server_name test.com; \r\n \r\n rewrite ^(.*)$ https:\/\/$host$1 permanent; \r\n}<\/pre>\nlocation ~ \/services\/.*$ {\r\n if ($server_port ~ \"^80$\"){\r\n set $rule_0 1$rule_0;\r\n }\r\n if ($rule_0 = \"1\"){\r\n rewrite \/(.*) https:\/\/IP\u5730\u5740\/$1 permanent; break;\r\n }\r\n }<\/pre>\n\u516d\u3001\u9a8c\u8bc1\u662f\u5426\u914d\u7f6e\u6210\u529f<\/h2>\n
\nservice nginx reload\u91cd\u65b0\u52a0\u8f7d\u914d\u7f6e
\n\u89c2\u5bdf\/var\/log\/nginx\u67e5\u770b\u65e5\u5fd7<\/p>\n\/usr\/local\/nginx\/sbin\/nginx -t\r\nnginx: the configuration file \/usr\/local\/nginx\/conf\/nginx.conf syntax is ok \r\nnginx: configuration file \/usr\/local\/nginx\/conf\/nginx.conf test is successful (\u663e\u793a\u8868\u793a\u914d\u7f6e\u6587\u4ef6\u6ca1\u6709\u9519\u8bef)\r\n\r\nservice nginx reload (\u91cd\u65b0\u52a0\u8f7dnginx\u670d\u52a1) \r\nnetstat -lan | grep 443 (\u67e5\u770b443\u7aef\u53e3)<\/pre>\n
\u53c2\u8003\u8d44\u6599<\/h2>\n
\nhttp:\/\/www.wxapp-union.com\/portal.php?mod=view&aid=2105<\/a>
\nhttp:\/\/www.cnblogs.com\/yun007\/p\/3739182.html<\/a>
\n\u5173\u4e8eHTTPS\u8be6\u5c3d\u7684\u4ecb\u7ecd<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"