CentOS7 nginx 自签名域名:ctyunaidev请帮我生成一下。做成Shell脚本一键生成。无需手动填写信息。有效时间10年给出配置nginx ssl 的实例兼容80443端口。
#!/bin/bash
Set domain name
DOMAIN="ctyunai.dev"
Set certificate validity period
VALIDITY=3650
Set certificate subject
SUBJECT="/C=US/ST=California/L=San Francisco/O=ctyunai/OU=IT Department/CN=$DOMAIN"
Set nginx configuration file path
NGINX_CONF="/etc/nginx/nginx.conf"
Generate private key
openssl genrsa -out "$DOMAIN.key" 2048
Generate CSR
openssl req -new -subj "$SUBJECT" -key "$DOMAIN.key" -out "$DOMAIN.csr"
Generate self-signed certificate
openssl x509 -req -days "$VALIDITY" -in "$DOMAIN.csr" -signkey "$DOMAIN.key" -out "$DOMAIN.crt"
Copy certificate and private key to nginx directory
cp "$DOMAIN.crt" /etc/pki/tls/certs/ cp "$DOMAIN.key" /etc/pki/tls/private/
Modify nginx configuration file
sed -i 's/listen 80;/listen 443 ssl;/g' "$NGINX_CONF" sed -i '/listen 443 ssl;/a ssl_certificate /etc/pki/tls/certs/'"$DOMAIN"'.crt;\nssl_certificate_key /etc/pki/tls/private/'"$DOMAIN"'.key;\nssl_protocols TLSv1 TLSv1.1 TLSv1.2;\nssl_ciphers HIGH:!aNULL:!MD5;\nssl_prefer_server_ciphers on;\n' "$NGINX_CONF"
Restart nginx
systemctl restart nginx
echo "SSL certificate for $DOMAIN has been generated and configured for nginx."
原文地址: https://www.cveoy.top/t/topic/bQDR 著作权归作者所有。请勿转载和采集!