生成 SSL 证书
生成私钥:
openssl genpkey -algorithm RSA -out privateKey.pem -pkeyopt rsa_keygen_bits:2048生成证书签名请求 (CSR):
openssl req -new -key privateKey.pem -out certificate.csr生成自签名证书:
openssl x509 -req -days365-in certificate.csr -signkey privateKey.pem -out certificate.crt配置 Nginx 代理
server{listen8080;listen443ssl;server_name localhost;ssl_certificate certificate.crt;ssl_certificate_key privateKey.pem;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;location /{proxy_pass http://keycloak.demofor.cn:8080;proxy_set_header Host$host:$server_port;proxy_set_header X-Real-IP$remote_addr;proxy_set_header X-Forwarded-Proto$scheme;proxy_set_header X-Forwarded-Port$server_port;proxy_set_header X-Forwarded-For$proxy_add_x_forwarded_for;proxy_redirect http://$scheme://;}}
