1. When installing nginx, remember to build it with the --with-http_ssl_module module.
2. Create the server certificate and key files
    # Generate the key
    [root@233 nginx]# openssl genrsa -des3 -out server.key 1024
    Generating RSA private key, 1024 bit long modulus
    .......++++++
    ...........++++++
    e is 65537 (0x10001)
    Enter pass phrase for server.key:123456  # set the passphrase
    Verifying - Enter pass phrase for server.key:123456  # set the passphrase again

    # Generate the certificate signing request
    [root@233 nginx]# openssl req -new -key server.key -out server.csr
    Enter pass phrase for server.key:123456  # the passphrase set above
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN  # country
    State or Province Name (full name) []:guangdong  # province
    Locality Name (eg, city) [Default City]:guangzhou  # city
    Organization Name (eg, company) [Default Company Ltd]:richinfo  # company
    Organizational Unit Name (eg, section) []:  # organizational unit, optional
    Common Name (eg, your name or your server's hostname) []:www.aaa.com  # domain name; must be the same as the one used in the nginx configuration
    Email Address []:  # email, optional
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:  # leave unset
    An optional company name []:  # leave blank

    [root@233 nginx]# cat server.key
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,D51608920B407C43
    ZSorICzxSDp7W+bgoeZEx7RKSOfi220qKgh6EpqWCJOeP4/MnHn6JcuAYdNca+ii
    UJpHasnMaakCdBHQQxAyU7v7jW1xQAI7ffsncPfKDpBxxZb6WeTrW0F3LVY4rFUC
    ...
    bDbUcs/6DZQUc02dBCx3DEIujdL4DJhJbBMc1Y2e/RGHg/jBrV5IA6n1X+vmwfV7
    rVPFcxccNZJ6jvilWhCiGwrEcrnCJpOqlj6Ihas6b0fihelVAPWj/Q==
    -----END RSA PRIVATE KEY-----

    # Make a copy of the key
    [root@233 nginx]# cp server.key server.key.org

    # Regenerate a key without a passphrase from the backup copy
    [root@233 nginx]# openssl rsa -in server.key.org -out server.key
    Enter pass phrase for server.key.org:123456  # enter the passphrase
    writing RSA key

    [root@233 nginx]# cat server.key
    -----BEGIN RSA PRIVATE KEY-----
    MIICXQIBAAKBgQDBc+2JL0dWVKOsd9v5zQBSjABG5CRPn+vzfjmtpcjokDBOw0ub
    5HADAGueMgEtrbymkpJmabucqrUGfvUAZh7+PSYyDdLjbgoIejfC7yMJyCstrwkN
    5UjD8sz1HYOPx1oomlMvFts7+0/PC388gF89a69898PmzKTYc+X0DlNhrwIDAQAB
    ...
    z3hnfZ/IGKLkCCyW89ECQQCjo+FkC21Df9A7kyhO0vQ4UEiEINGdlMQhLTBlfMpt
    BH6zTjfHly0iglV2RrFjmsDGZCNqgAlRED76qD4F+emp
    -----END RSA PRIVATE KEY-----

    [root@233 nginx]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    Signature ok
    subject=/C=CN/ST=guangdong/L=guangzhou/O=richinfo/CN=www.aaa.com
    Getting Private key
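The key and certificate from step 2 can also be produced without prompts and checked before nginx loads them. The script below is an added example, not the author's commands: it assumes OpenSSL 1.1.1 or later, a 2048-bit key instead of the 1024-bit one generated above, and a subjectAltName entry for the hostname; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not the author's commands. Assumes OpenSSL 1.1.1+ (for -addext).

# make_cert <dir> <hostname>: unencrypted 2048-bit key plus self-signed certificate.
make_cert() {
    local dir=$1 host=$2
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    openssl req -new -x509 -sha256 -days 365 -key "$dir/server.key" \
        -subj "/C=CN/ST=guangdong/L=guangzhou/O=richinfo/CN=$host" \
        -addext "subjectAltName=DNS:$host" -out "$dir/server.crt"
}

# True when the PEM file is passphrase-protected (traditional or PKCS#8 header).
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Print the RSA modulus size in bits; "-passin pass:" stops openssl from prompting.
key_bits() {
    openssl pkey -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# True when the certificate's public key is the one derived from the private key.
key_matches_cert() {
    local k c
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# check_pair <key> <cert>: report every problem, return non-zero if any was found.
check_pair() {
    local rc=0 bits
    if key_is_encrypted "$1"; then
        echo "key is passphrase-protected: nginx will prompt on every start"; rc=1
    else
        bits=$(key_bits "$1")
        [ "${bits:-0}" -ge 2048 ] || { echo "RSA key is ${bits:-?} bits, below 2048"; rc=1; }
        key_matches_cert "$1" "$2" || { echo "certificate does not match key"; rc=1; }
    fi
    return $rc
}
```

Run `check_pair /home/nginx/server.key /home/nginx/server.crt` against the files referenced in the nginx configuration; a non-zero exit status means at least one of the printed problems applies.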
3. Configure reverse proxy forwarding on nginx

    http {
        ...........
        server {
            listen 443 ssl http2;
            ssl_certificate /home/nginx/server.crt;
            ssl_certificate_key /home/nginx/server.key;
            server_name www.aaa.com;
            location / {
                proxy_pass https://192.168.xx.xxx:10443/;  # this is the address to proxy to
            }
        }
        ...........
    }

4. Access test
(1) Access directly by IP

(2) Add a hosts entry on the local machine, then access by domain name
192.168.xx.233 www.aaa.com
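Author: 陳耿聰 —— 夕獄
Source: http://www.rzrgm.cn/CGCong/
The copyright of this article is shared by the author and cnblogs. Reposting is welcome, but unless the author agrees otherwise, this notice must be retained and a link to the original article must be given in a prominent position on the page; otherwise the right to pursue legal liability is reserved.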