自签名证书

生成证书：

• Debian系统：

  1 2 3

  openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \ -keyout server.key -out server.crt -subj "/CN=1.2.3.4" \ -addext "subjectAltName=IP:1.2.3.4"

• Windows系统(可能需要单独安装openssl)：

  1	openssl req -x509 -newkey rsa:4096 -days 3650 -nodes -keyout server.key -out server.crt -subj "/CN=1.2.3.4" -addext "subjectAltName=IP:1.2.3.4"

Nginx配置

• 替换 1.2.3.4 为你的IP地址：

  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

  server { listen 443 ssl; listen [::]:443 ssl; server_name 1.2.3.4; ssl_certificate_key /root/server.key; #key路径 ssl_certificate /root/server.crt; #crt路径 ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_pass http://127.0.0.1:8090; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } }