
HTTP服务转HTTPS服务

社会工具人 2025-03-28 12:01:02
简介HTTP服务转HTTPS服务

新年头一天上班,为复工摸鱼,必须将重复的配置工作进行自动化掉,目前遇到了http到https的转换问题,编写了脚本来快速启动,脚本在文末需要自取,以下是执行过程,以go-file这个http服务为例

注意: 自己生成的证书是自签名证书,不在浏览器的信任列表中,访问时会报隐私(证书不受信任)警告;在自己的测试环境里直接忽略即可,对外提供的服务请换成受信任 CA 签发的证书

1. 首先运行脚本来生成nginx配置文件、证书文件以及docker-compose.yaml文件

root@bright-pc# ./general_crt.sh
create cert folder
create nginx config foloer
input your cert password:123456   // 输入证书密码
Enter your domain [www.example.com]: www.123.com  // 输入域名
Create server key...
Create server certificate signing request...
Remove password...
writing RSA key
Sign SSL certificate...
Certificate request self-signature ok
subject=C = US, ST = Mars, L = iTranswarp, O = iTranswarp, OU = iTranswarp, CN = www.123.com
genernal nginx config
Enter you http service base url:http://192.168.1.111:13000 // 输入需要转换服务的域名或者地址
input https service port:8443  // 输入转换后https服务的端口号
genernal docker-compose.yaml
Enter the Docker port mapping, which defaults to the same port as the HTTPS service[8443]: // 输入docker映射后的端口,默认与https服务端口一致
root@bright-pc# ls //查看生成的文件
docker-compose.yaml  general_crt.sh  nginx  pass_temp.txt

2. 启动docker-compose 文件

docker compose up -d && docker compose logs -f

3. 查看启动日志

 4. 测试,因为我属于通过ssh代理访问,直接代理后访问本地 https://127.0.0.1:8443 即可

 访问即可成功

代码如下:

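#!/bin/sh
#
# general_crt.sh - put an nginx TLS reverse proxy in front of a plain HTTP
# service. Interactively generates:
#   ./nginx/cert/<domain>.{key,origin.key,csr,crt}  self-signed certificate
#   ./nginx/conf.d/default.conf                     nginx server block
#   ./docker-compose.yaml                           nginx container definition
#
# Exit status: 0 on success or when the user declines to overwrite the nginx
# config, 5 on invalid input or when certificate files for the domain already
# exist, otherwise the status of the command that failed.

# Stop at the first failing command (e.g. openssl) instead of going on to
# write a config that points at missing key material.
set -eu

WORK_DIR=""
TTY_STATE=""

# Print a message on stderr and exit with the script's error status.
die() {
        printf '%s\n' "$*" >&2
        exit 5
}

# Restore terminal echo and delete the temporary secrets directory.
cleanup() {
        if [ -n "$TTY_STATE" ]; then
                stty "$TTY_STATE" 2>/dev/null || true
        fi
        if [ -n "$WORK_DIR" ]; then
                rm -rf -- "$WORK_DIR"
        fi
}
trap cleanup EXIT
# Turn signals into a normal exit so the EXIT trap also runs under plain sh.
trap 'exit 1' HUP INT TERM

# ask PROMPT VARNAME - POSIX replacement for the bash-only `read -p`.
ask() {
        printf '%s' "$1" >&2
        read -r "$2" || die "unexpected end of input"
}

# ask_secret PROMPT VARNAME - like ask, without echoing the typed value.
ask_secret() {
        printf '%s' "$1" >&2
        if [ -t 0 ]; then
                TTY_STATE=$(stty -g)
                stty -echo
        fi
        read -r "$2" || die "unexpected end of input"
        if [ -n "$TTY_STATE" ]; then
                stty "$TTY_STATE"
                TTY_STATE=""
                printf '\n' >&2
        fi
}

# Accept only host names / IPv4 literals: the value is used in file names,
# in the certificate subject and in the nginx config.
is_valid_domain() {
        case "$1" in
                ''|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
        esac
        return 0
}

# Accept a decimal TCP port in 1..65535 without leading zeros.
is_valid_port() {
        case "$1" in
                ''|0*|*[!0-9]*) return 1 ;;
        esac
        [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Accept an http(s) URL free of characters that would end or alter the
# proxy_pass directive it is written into.
is_valid_upstream() {
        case "$1" in
                *[[:space:]]*|*';'*|*'{'*|*'}'*|*'$'*|*'"'*|*"'"*|*'\'*|*'#'*) return 1 ;;
                http://?*|https://?*) return 0 ;;
        esac
        return 1
}

# check folder exists
CERT_PATH="./nginx/cert"
if [ -d "$CERT_PATH" ]; then
        echo "$CERT_PATH exists"
else
        echo "create cert folder"
        mkdir -p "$CERT_PATH"
fi
NGINX_CONFIG_FOLDER="./nginx/conf.d"
if [ -d "$NGINX_CONFIG_FOLDER" ]; then
        echo "nginx config folder exists"
else
        echo "create nginx config foloer"
        mkdir -p "$NGINX_CONFIG_FOLDER"
fi

# create self-signed server certificate:

ask_secret "input your cert password:" CERT_PASS
# openssl refuses PEM pass phrases shorter than 4 characters; fail early.
[ "${#CERT_PASS}" -ge 4 ] || die "cert password must be at least 4 characters"

# Secrets and private keys are created owner-only. The pass phrase lives in a
# private temporary directory that cleanup() removes on every exit path, and
# it is handed to openssl as file:... so it never shows up in the process list.
OLD_UMASK=$(umask)
umask 077
WORK_DIR=$(mktemp -d)
PASS_FILE="$WORK_DIR/pass_temp.txt"
printf '%s\n' "$CERT_PASS" > "$PASS_FILE"

ask "Enter your domain [www.example.com]: " DOMAIN
DOMAIN=${DOMAIN:-"www.example.com"}
is_valid_domain "$DOMAIN" || die "invalid domain: $DOMAIN"

# check cert exists (regular files, so -f; never clobber an existing key)
for EXISTING in "$CERT_PATH/$DOMAIN.key" "$CERT_PATH/$DOMAIN.csr" "$CERT_PATH/$DOMAIN.crt"; do
        if [ -f "$EXISTING" ]; then
                echo "cert file  already exists"
                exit 5
        fi
done
echo "Create server key..."

openssl genrsa -des3 -out "$CERT_PATH/$DOMAIN.key" -passout "file:$PASS_FILE" 2048

echo "Create server certificate signing request..."

SUBJECT="/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=$DOMAIN"

openssl req -new -subj "$SUBJECT" -key "$CERT_PATH/$DOMAIN.key" -out "$CERT_PATH/$DOMAIN.csr" -passin "file:$PASS_FILE"

echo "Remove password..."

# The nginx config below loads <domain>.key without a pass phrase, so write an
# unencrypted copy and keep the encrypted original as <domain>.origin.key.
# NOTE(review): the unencrypted key is mode 0600; this assumes the nginx
# master process in the container can read it (it starts as root in the
# official image) - confirm if user-namespace remapping is in use.
mv -- "$CERT_PATH/$DOMAIN.key" "$CERT_PATH/$DOMAIN.origin.key"
openssl rsa -in "$CERT_PATH/$DOMAIN.origin.key" -out "$CERT_PATH/$DOMAIN.key" -passin "file:$PASS_FILE"

# Key material is written; the remaining files are not secret.
umask "$OLD_UMASK"

echo "Sign SSL certificate..."

# Clients match the host name against subjectAltName, not CN, so add one.
case "$DOMAIN" in
        *[!0-9.]*) SAN="DNS:$DOMAIN" ;;
        *)         SAN="IP:$DOMAIN" ;;
esac
EXT_FILE="$WORK_DIR/san.ext"
printf 'subjectAltName=%s\n' "$SAN" > "$EXT_FILE"

openssl x509 -req -sha256 -days 3650 -in "$CERT_PATH/$DOMAIN.csr" -signkey "$CERT_PATH/$DOMAIN.key" -out "$CERT_PATH/$DOMAIN.crt" -extfile "$EXT_FILE"

echo "genernal nginx config"
ask "Enter you http service base url:" LOCAL_HTTP_SERVICE
is_valid_upstream "$LOCAL_HTTP_SERVICE" || die "invalid http service url: $LOCAL_HTTP_SERVICE"
# check nginx config exists
if [ -f "$NGINX_CONFIG_FOLDER/default.conf" ]; then
        ask "nginx config already exists,rewrite(yes/no)? no" OP_STATUS
        OP_STATUS=${OP_STATUS:-"NO"}
        case "$OP_STATUS" in
                [nN][oO]|[nN])
                        echo "exit by user"
                        exit 0
                        ;;
                [yY][eE][sS]|[yY])
                        echo "genernal nginx config"
                        ;;
                *)
                        echo "Invalid select"
                        exit 5
                        ;;
        esac
fi
ask "input https service port:" HTTPS_PORT
is_valid_port "$HTTPS_PORT" || die "invalid https port: $HTTPS_PORT"

# TLS 1.0/1.1 are deprecated, so only TLS 1.2 and 1.3 are offered. The cipher
# list applies to TLS 1.2 and is limited to ECDHE key exchange with AEAD
# ciphers; TLS 1.3 suites are chosen by OpenSSL independently of ssl_ciphers.
cat > "$NGINX_CONFIG_FOLDER/default.conf" <<EOF
server {
    listen       $HTTPS_PORT ssl;
    server_name  $DOMAIN;
    ssl_certificate /etc/nginx/cert/$DOMAIN.crt;
    ssl_certificate_key /etc/nginx/cert/$DOMAIN.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass $LOCAL_HTTP_SERVICE;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

EOF
echo "genernal docker-compose.yaml"
ask "Enter the Docker port mapping, which defaults to the same port as the HTTPS service[$HTTPS_PORT]:" DOCKER_MAPPING_PORT
DOCKER_MAPPING_PORT=${DOCKER_MAPPING_PORT:-$HTTPS_PORT}
is_valid_port "$DOCKER_MAPPING_PORT" || die "invalid docker port: $DOCKER_MAPPING_PORT"

# NOTE(review): nginx:latest is a moving tag; pin a specific version or image
# digest if the deployment has to be reproducible.
cat > ./docker-compose.yaml <<EOF
version: '3.9'
services:
  http_to_https:
    image: nginx:latest
    container_name: http_to_https_container
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/cert:/etc/nginx/cert
    ports:
      - "$DOCKER_MAPPING_PORT:$HTTPS_PORT"
    restart: unless-stopped
EOF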

又是摸鱼的一天
