1、80端口防止反代比较容易,在nginx上加入如下配置即可。
server {listen 80 default_server;return 444;}
2、443端口防范配置则需要配置ssl证书,否则所有https请求都会失败,下面是颁发自签名证书和配置过程。
(1)首先确保机器上安装了openssl和openssl-devel,没有的话执行如下指令安装:
yum install opensslyum install openssl-devel
(2)生成证书
# 首先,进入你想创建证书和私钥的目录,例如:
cd /home/certs/
# 创建服务器私钥,命令会让你输入一个口令:
openssl genrsa -des3 -out server.key 2048
# 创建签名请求的证书,最后两步密码留空(CSR):
openssl req -new -key server.key -out server.csr
# 在加载SSL支持的Nginx并使用上述私钥时除去必须的口令:
cp server.key openssl rsa -in -out server.key
# 最后标记证书使用上述私钥和CSR:
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
3、配置Nginx,让其包含新标记的证书和私钥,实现https防止反代或者恶意解析。
server {listen 80 default;listen 443 ssl;ssl_certificate/home/certs/server.crt;ssl_certificate_key /home/certs/server.key;return 444;}
4、通用证书
server.crt
-----BEGIN CERTIFICATE-----MIIDADCCAegCCQD1QN1qSj8kbjANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJDTjEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMB4XDTE5MTEyOTAxNTgyOFoXDTI5MTEyNjAxNTgyOFowQjELMAkGA1UEBhMCQ04xFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxdTeQgCZU41f1DMn5LA+Wq9JhxfeZwUcOiz7VxfOMwkskpOqc28SjUdRl+fDuwmk7rJnvMjmB3rZLKc6vw9cR0/fjMaTPdBUWbxc1n1MS5I6jd588860JiljK884fNYb9+6tLJ9yZnI1GR0DRlQLqxgDoU6J/yQNosGvSNz5McTFcTFDU7WkBGsTEDf7Qw6JMh93MexwOgy0cMu5T4mRJlkNYAPdu/usgUVugOvCHPEV/igfvNTOoTQ5Ptc2mKD9+PgfJQGLLR/QIkjJob4cXjCtg+rh87TY3p18Mv5hYFXMs2Uy7RcbFWROx4gcMN80m1HlHOoyMwZDq35uZedKsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAcCYZhXj6mfsgh0aBm2iSp/q2a8vg5MvLsIPKA2IazZmLvrZSS3P3pdNuBHXi4V2hT1QgCW463nW1r8oEd/6ErV6SZXWI1XwjmkP5kCrfx38rrkbQU00F6x7myTkGigQw/oiALxX6a5lMzNqObGP6P0u36jB/vWKzbGP7GjdwINXlh9XxueFVW1/AObN+VpL2Vn7lrdhurIJ20XJxSUu+gFBKdZ/zEQvHvAEqunr4VSrgLPiHJvYgH6K7TRoPTl1cCQGyjAb0U+cjCt831n7sCe9o+xsRUMEsBj4xedShTj71nz07gDJqC/MKEhX/T7MFCmVNQaCnodLA+crAmmPxVQ==-----END CERTIFICATE-----
server.key
-----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCAQEA3F1N5CAJlTjV/UMyfksD5ar0mHF95nBRw6LPtXF84zCSySk6pzbxKNR1GX58O7CaTusme8yOYHetkspzq/D1xHT9+MxpM90FRZvFzWfUxLkjqN3nzzzrQmKWMrzzh81hv37q0sn3JmcjUZHQNGVAurGAOhTon/JA2iwa9I3PkxxMVxMUNTtaQEaxMQN/tDDokyH3cx7HA6DLRwy7lPiZEmWQ1gA927+6yBRW6A68Ic8RX+KB+81M6hNDk+1zaYoP34+B8lAYstH9AiSMmhvhxeMK2D6uHztNjenXwy/mFgVcyzZTLtFxsVZE7HiBww3zSbUeUc6jIzBkOrfm5l50qwIDAQABAoIBAA38AdhrTBBjNflHjWnEWu/1RGZ0NVgtYpL2vxW1qQZF69rGOgmoi+9aZEAE7d9f2rsNYzjSB2sJzUMWg/ayaPZZslBasIZxDUeYlhnt7+u4EBJEWtSk+g0RcpSvtwi0OPLNHBvaY0vVmcEwbrUUg+IVJ50H/KdB2Wm/CMriQP0F3YCZ0Kw4ss2UXVakfTe0FORKyFYG8LHq+wHhhyUMhLXZHrvWwtRlnd+HZ4cyo4ziGtQvbP0IXuVJAxgrJQXmjZ3Yas1fyIPLJMGkEOB4PGc06SxdhSwWeai+W1iyu0oSXA22w2ToK5UpiwvqaF+XqOUA0jMuNozp/DBhY0QK4JECgYEA/YFJW4bblwZpgs67fKvrundz992hs1jAms6qT0x212Iad7Xo4fn+raW92UucMiphhKPElWOulQwJSEQOm2jKlARqPRuOzVdLbpaQbh4ROqV1kYn992P0lDdkaVkg8SoYyBv35N50ltA7oyBt0R6SjhG1X1mRjXDUFVjo6Wrz9YMCgYEA3oiE41XWb47b1QIVi/n4sb9erdpZhCJPHOejynxa/ixFpUje35iZ8sfGox8dXV6siVTgXDk+i7F66Ja0HS+duIXkadhhhjp+FvVoQuQfCOhVUlNRq15KfoqIYVySzfhw6Z+e4NLCY0LIA8L3KOrlmzjBUYcjzYxpKprNWZnQg7kCgYEA873sb6Fh33sd1dS6NiwDMj2KdmdWA2AxiGdvH2HQ3lSISFPSv/wj4Ih82sI1Q5K2QtdHu6+le8+f2Sj+tnRyWxFHqMunaU4mzATeh9JHFJFkUnRQiR5FWoFL/XLiFp84RqeFmTw+84bx4G3cyPXRSeJC9pPjPBChCol7IHtiZ8sCgYAvtDJQjZkfZw+HFSBLVnXSnMSOHk2sPrKY7qs0//19mT4A1aM5aXwvCFZzp3rjBiWUdwZ1nqvixFQlwhCwZQG5ibJSYlldrfJTt533IPHqNev8bvIF+3uartXXkUHDN6v02Qv1BBk5sBoyfDwBoIFCCiOe94pcSOpOgMrel1OUuQKBgE1Nhhadr/SqaRovs7Ip2vSCzgQJlPsE13rEm3OXilA4nAcK9mW9PgtGZWRiSF0M+daAB4XElaMJ+1lhJFSVQKaNTW/U7i/YJa0slVh456+3hgBm0CdTOi3jaVMjnJchKedL2C6yP1YJTc/VEeoxnpkSym5NgnSPSeiNW5bhn1gN-----END RSA PRIVATE KEY-----
