---
tags: network
---

# Let's Encrypt: self-signed certificate

## Official web page
https://letsencrypt.org/docs/certificates-for-localhost/

## Steps
- mkdir https_keys
- Copy the openssl command from the web page above (a copy is kept at the bottom of this note) and run it inside https_keys
- This produces two files, localhost.crt and localhost.key
- sudo vim /etc/nginx/conf.d/all_site.conf
  Open the .conf file and, the same way certbot does, add the following two lines
    - ssl_certificate /home/burwei/https_keys/localhost.crt;
    - ssl_certificate_key /home/burwei/https_keys/localhost.key;
- Once these two lines are in, change `listen 80;` above them to `listen 443 ssl;` and it is done
- P.S. /etc/nginx/conf.d/ is the location on CentOS 8; the location on Ubuntu is different, but it is still some folder under /etc/nginx

## openssl command
No need to understand it; just copy it and run it.
It produces two files, localhost.crt and localhost.key

```
openssl req -x509 -out localhost.crt -keyout localhost.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
```

## nginx config file
A new file, all_site.conf, was added under /etc/nginx/conf.d/

```
server {
    # listen on the HTTPS port (this directive binds IPv4 only)
    listen 443 ssl;

    # server config
    server_name 192.168.43.35;
    server_tokens off;
    ssl_certificate /home/burwei/https_keys/localhost.crt;
    ssl_certificate_key /home/burwei/https_keys/localhost.key;

    # reverse proxy to express (mern_boilerplate: ./backend/api_server/app.js)
    location /api {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://127.0.0.1:9000;
    }
}
```
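
To see what the copied openssl command actually produces, the following added example (not part of the original note or of the Let's Encrypt page) regenerates the same certificate in a scratch directory and checks it with `openssl x509` and `openssl pkey`. The function names, the scratch directory and the use of a config file in place of `<( ... )` are assumptions of this example.

```sh
# Added example: regenerate the note's localhost certificate and inspect it.
# Function names and the scratch directory are assumptions of this example.

# Same request as the note's command; the inline config goes to a file
# instead of <( ... ) so the function also runs under plain sh.
make_localhost_cert() {
  mkdir -p "$1" || return 1
  printf '[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth\n' > "$1/req.cnf"
  ( umask 077   # -nodes leaves the key unencrypted: create it owner-only
    openssl req -x509 -out "$1/localhost.crt" -keyout "$1/localhost.key" \
      -newkey rsa:2048 -nodes -sha256 -subj '/CN=localhost' \
      -extensions EXT -config "$1/req.cnf" 2>/dev/null )
}

# True when certificate $1 and private key $2 hold the same public key.
cert_matches_key() {
  pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# True when name $2 (DNS name or IP address) is covered by certificate $1.
cert_covers() {
  case $2 in
    *:*)       flag=-checkip ;;     # IPv6 literal
    *[!0-9.]*) flag=-checkhost ;;   # anything else non-numeric: DNS name
    *)         flag=-checkip ;;     # dotted IPv4
  esac
  openssl x509 -in "$1" -noout "$flag" "$2" | grep -q 'does match certificate'
}

# Run against a scratch directory (constructed, not the note's /home path).
d=$(mktemp -d) && make_localhost_cert "$d" || exit 1
for name in localhost 192.168.43.35; do
  if cert_covers "$d/localhost.crt" "$name"; then
    echo "$name: covered by the certificate"
  else
    echo "$name: NOT covered by subjectAltName"
  fi
done
cert_matches_key "$d/localhost.crt" "$d/localhost.key" && echo "key matches certificate"
ls -l "$d/localhost.key"
```

The certificate only names `DNS:localhost`, so a client that connects to the `server_name` address 192.168.43.35 gets a name mismatch in addition to the untrusted-issuer warning.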