Creating an SSL Certificate

 $ mkdir -p /etc/nginx/ssl
 $ cd /etc/nginx/ssl
 $ openssl genrsa -idea -out server.key 1024
 $ openssl req -new -key server.key -out server.csr
 $ openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Copy the code

Be careful to add an expiration date. The default expiration date is very short

Nginx configuration

  $ cd /etc/nginx/conf.d
  $ vim https.conf
Copy the code

Enter the following

     server {
        listen       443 ssl http2 default_server;
        listen[: :] :443 ssl http2 default_server;
        server_name  _;
        root         /usr/share/nginx/html;
        ssl_certificate "/etc/nginx/ssl/server.crt";
        ssl_certificate_key "/etc/nginx/ssl/server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;
        location/ {}error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
        }
Copy the code

Save and exit and restart nginx

Because our certificate has not been certified by relevant institutions, it is still indicated as unsafe, but it does not affect our test use