1、下载 OpenResty - 下载
根据自己系统选择下载,我的是64位
2、解压到目录
3、启动openresty
进入解压后的目录,执行nginx.exe
浏览器输入 http://localhost 查看是否正常。显示以下画面就表示没有问题。
接下来可以开始准备动态安装证书
4、使用openssl-win64生成测试证书(待补充)
openssl 下载地址 。 也可以使用csdn下载
5、进入conf目录,编辑nginx.conf
#增加ssl server配置 server { listen 443 ssl; server_name localhost; ssl_certificate cert/server.crt; ssl_certificate_key cert/server.key; ssl_certificate_by_lua_file conf\cert\ssl.lua; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } }6、编写ssl.lua , 放到conf/cert下
local ssl = require"ngx.ssl"-- 清除之前设置的证书和私钥 local ok, err = ssl.clear_certs() if not ok then ngx.log(ngx.ERR,"failed to clear existing (fallback) certificates") return ngx.exit(ngx.ERROR) end -- 获取证书内容,比如 io.open("my.crt"):read("*a") local cert_data, err cert_data = io.open("conf\\cert\\localhost.crt"):read("*a") if not cert_data then ngx.log(ngx.ERR,"failed to get PEM cert:", err) return end -- 解析出 cdata 类型的证书值,你可以用 lua-resty-lrucache 缓存解析结果 local cert, err = ssl.parse_pem_cert(cert_data) if not cert then ngx.log(ngx.ERR,"failed to parse PEM cert:", err) return end local ok, err = ssl.set_cert(cert) if not ok then ngx.log(ngx.ERR,"failed to set cert:", err) return end local pkey_data, err pkey_data = io.open("conf\\cert\\localhost.key"):read("*a") if not pkey_data then ngx.log(ngx.ERR,"failed to get DER private key:", err) return end local pkey, err = ssl.parse_pem_priv_key(pkey_data) if not pkey then ngx.log(ngx.ERR,"failed to parse pem key:", err) return end local ok, err = ssl.set_priv_key(pkey) if not ok then ngx.log(ngx.ERR,"failed to set private key:", err) return end