#!/bin/bash

Set domain name

DOMAIN="ctyunai.dev"

Set certificate validity period

VALIDITY=3650

Set certificate subject

SUBJECT="/C=US/ST=California/L=San Francisco/O=ctyunai/OU=IT Department/CN=$DOMAIN"

Set nginx configuration file path

NGINX_CONF="/etc/nginx/nginx.conf"

Generate private key

openssl genrsa -out "$DOMAIN.key" 2048

Generate CSR

openssl req -new -subj "$SUBJECT" -key "$DOMAIN.key" -out "$DOMAIN.csr"

Generate self-signed certificate

openssl x509 -req -days "$VALIDITY" -in "$DOMAIN.csr" -signkey "$DOMAIN.key" -out "$DOMAIN.crt"

Copy certificate and private key to nginx directory

cp "$DOMAIN.crt" /etc/pki/tls/certs/ cp "$DOMAIN.key" /etc/pki/tls/private/

Modify nginx configuration file

sed -i 's/listen 80;/listen 443 ssl;/g' "$NGINX_CONF" sed -i '/listen 443 ssl;/a ssl_certificate /etc/pki/tls/certs/'"$DOMAIN"'.crt;\nssl_certificate_key /etc/pki/tls/private/'"$DOMAIN"'.key;\nssl_protocols TLSv1 TLSv1.1 TLSv1.2;\nssl_ciphers HIGH:!aNULL:!MD5;\nssl_prefer_server_ciphers on;\n' "$NGINX_CONF"

Restart nginx

systemctl restart nginx

echo "SSL certificate for $DOMAIN has been generated and configured for nginx."

CentOS7 nginx 自签名域名:ctyunaidev请帮我生成一下。做成Shell脚本一键生成。无需手动填写信息。有效时间10年给出配置nginx ssl 的实例兼容80443端口。

原文地址: https://www.cveoy.top/t/topic/bQDR 著作权归作者所有。请勿转载和采集!

免费AI点我,无需注册和登录