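Proxying or accelerating access to a specific URL with a self-signed certificate
This method is implemented mainly with nginx. A typical scenario is a game server that has to publish itself to a server list so that players can find it.
This mainly applies to game servers that use Epic for online multiplayer.
Generate the certificate: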
[root@nb1 ~]# openssl req -newkey rsa:2048 -keyout api.epicgames.dev.key -out api.epicgames.dev.csr -nodes -days 3650 -subj "/CN=api.epicgames.dev"
Generating a 2048 bit RSA private key
..............................................+++
................................+++
writing new private key to 'api.epicgames.dev.key'
-----
[root@nb1 ~]# openssl x509 -req -in api.epicgames.dev.csr -signkey api.epicgames.dev.key -out api.epicgames.dev.crt -days 3650
Signature ok
subject=/CN=api.epicgames.dev
Getting Private key
[root@nb1 ~]#
[root@nb1 ~]#
[root@nb1 ~]# ll
总用量 9388
-rw-r--r-- 1 root root 997 1月 9 04:42 api.epicgames.dev.crt //self-signed certificate
-rw-r--r-- 1 root root 903 1月 9 04:42 api.epicgames.dev.csr //certificate signing request
-rw-r--r-- 1 root root 1704 1月 9 04:42 api.epicgames.dev.key //2048-bit RSA private key
The nginx configuration is as follows:
server {
    listen 443 ssl;
    server_name api.epicgames.dev;

    # Self-signed certificate and private key presented to clients
    ssl_certificate /usr/local/nginx/ssl/api.epicgames.dev/api.epicgames.dev_selfsigned_certificate_10yr.crt;
    ssl_certificate_key /usr/local/nginx/ssl/api.epicgames.dev/api.epicgames.dev_private_key_10yr.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # Forward the request over TLS to the real service
        proxy_pass https://api.epicgames.dev;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
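With proxy_pass pointing at an https:// upstream, nginx neither verifies the upstream certificate nor sends SNI unless told to, because proxy_ssl_verify and proxy_ssl_server_name are off by default. The following is an added example, not part of the original post, showing the same server block with upstream verification enabled. The CA bundle path is an assumption for a RHEL/CentOS-style proxy host.

```nginx
server {
    listen 443 ssl;
    server_name api.epicgames.dev;

    # Self-signed certificate and key from the post, presented to clients
    ssl_certificate     /usr/local/nginx/ssl/api.epicgames.dev/api.epicgames.dev_selfsigned_certificate_10yr.crt;
    ssl_certificate_key /usr/local/nginx/ssl/api.epicgames.dev/api.epicgames.dev_private_key_10yr.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # This host must resolve api.epicgames.dev to the real service,
        # not to the hosts-file override that the clients use.
        proxy_pass https://api.epicgames.dev;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Send SNI in the upstream handshake (default: off)
        proxy_ssl_server_name on;
        # Name used for SNI and for certificate name matching
        proxy_ssl_name api.epicgames.dev;

        # Reject the upstream if its certificate does not chain to a
        # trusted CA or does not match proxy_ssl_name (default: off)
        proxy_ssl_verify on;
        # Allow intermediate CAs in the upstream chain (default depth: 1)
        proxy_ssl_verify_depth 2;
        # Assumed path: system CA bundle on a RHEL/CentOS-style host
        proxy_ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.crt;
    }
}
```

Run `nginx -t` before reloading. If verification fails, nginx answers the client with 502 and logs the upstream SSL error in error.log.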
Trust the certificate on the client
[root@cg ~]# cp ./api.epicgames.dev_selfsigned_certificate_10yr.crt /etc/pki/ca-trust/source/anchors/
[root@cg ~]# update-ca-trust extract
Edit hosts
[root@cg ~]# echo "12.12.12.12 api.epicgames.dev" >> /etc/hosts
Test access
[root@cg ~]# curl http://api.epicgames.dev -i
HTTP/1.1 403 Forbidden
Server: Teddyou/2.1
Date: Tue, 09 Jan 2024 09:45:40 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 176
Connection: keep-alive
ETag: "5c485a8a-b0"

<html>
<span style="font-size:18px;"> </span><span style="font-size:24px;">
<meta http-equiv="refresh" content="0;URL=http://err.teddyou.com/400/400.html">
</span>
</html>
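The 403 here is returned because the request content is incorrect, but the connection itself went through, so the deployment succeeded.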