linux生产证书:
# 1、创建服务器私钥,命令会让你输入一个口令:
openssl genrsa -des3 -out server.key 1024
# 2、创建签名请求的证书(CSR):
openssl req -new -key server.key -out server.csr
# 3、在加载SSL支持的Nginx并使用上述私钥时除去必须的口令:
openssl rsa -in server.key -out server_nopass.key
# 4、最后标记证书使用上述私钥和CSR:
openssl x509 -req -days 365 -in server.csr -signkey server_nopass.key -out server.crt
Nginx+Https内部流程
server {
listen 443 ssl;
server_name sales.enjoy.com;
ssl_certificate /etc/nginx/conf.d/server.crt; #证书
ssl_certificate_key /etc/nginx/conf.d/server_nopass.key;#私钥
if ( $http_origin ~ http://(.*).enjoy.com){
set $allow_url $http_origin;
}
#是否允许请求带有验证信息
add_header Access-Control-Allow-Credentials true;
#允许跨域访问的域名,可以是一个域的列表,也可以是通配符*
add_header Access-Control-Allow-Origin $allow_url;
#允许脚本访问的返回头
add_header Access-Control-Allow-Headers 'x-requested-with,content-type,Cache-Control,Pragma,Date,x-timestamp';
#允许使用的请求方法,以逗号隔开
add_header Access-Control-Allow-Methods 'POST,GET,OPTIONS,PUT,DELETE';
#允许自定义的头部,以逗号隔开,大小写不敏感
add_header Access-Control-Expose-Headers 'WWW-Authenticate,Server-Authorization';
#P3P支持跨域cookie操作
add_header P3P 'policyref="/w3c/p3p.xml", CP="NOI DSP PSAa OUR BUS IND ONL UNI COM NAV INT LOC"';
add_header test 1;
if ($request_method = 'OPTIONS') {
return 204;
}
location / {
root html/sales;
index welcome.html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}