本地https方案(webxr运行需要)
站长
· 阅读数 23
创建openssl所需的配置文件localhost.conf
[ req ] default_bits = 2048 # RSA的2048是公认较比较安全的key长度 default_keyfile = server-key.pem distinguished_name = subject req_extensions = req_ext x509_extensions = x509_ext string_mask = utf8only [ subject ] countryName = Country Name (2 letter code) countryName_default = US stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = NY localityName = Locality Name (eg, city) localityName_default = New York organizationName = Organization Name (eg, company) organizationName_default = Example, LLC commonName = Common Name (e.g. server FQDN or YOUR name) commonName_default = Example Company emailAddress = Email Address emailAddress_default = test@example.com [ x509_ext ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment subjectAltName = @alternate_names nsComment = "OpenSSL Generated Certificate" [ req_ext ] subjectKeyIdentifier = hash basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment subjectAltName = @alternate_names nsComment = "OpenSSL Generated Certificate" [ alternate_names ] DNS.1 = 192.168.XXX.XXX # 注意这里一般改为自己本地的ip或者域名- 生成证书
localhost.crt,localhost.keyopenssl 运行命令./openssl.exe req -config localhost.conf -new -sha256 -newkey rsa:2048 -nodes -keyout localhost.key -x509 -days 365 -out localhost.crt - 拷贝证书到
nginx-1.18.0\conf\ssl目录(新建ssl)下 配置nginxnginx.conf增加server配置项
server { listen 443 ssl; # 不变 # ssl_certificate ssl/localhost.crt; # ssl_certificate_key ssl/localhost.key; ssl_certificate ssl/192.168.56.26.crt; # 指向证书地址,ps:相对路径是相对与nginx.conf目录 ssl_certificate_key ssl/192.168.56.26.key; # 指向证书地址,ps:相对路径是相对与nginx.conf目录 location /p { alias E:/p; index index.html index.htm; } }- ./nginx.exe -t 验证config是否ok,./nginx.exe -s reload 重启