工欲善其事

1、nginx安装

略，不要忘记安装ssl模块

2、ssl证书生成

生成key

openssl genrsa -out server.key 1024

根据私钥生成证书申请,创建签名请求的证书（CSR）注意 ch那边必须写

openssl req -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:ch
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:111111

最后标记证书使用上述私钥和CSR

openssl x509 -req -in server.csr -out server.crt -signkey server.key -days 3650

3、修改配置

mac下的默认路径

cd /usr/local/etc/nginx

linux下的默认地址
不知道

将生成的三个文件拷贝到nginx配置的那个目录的ssl文件夹（自己创建并不存在）下
配置如下：

server {
	client_max_body_size 50m;

	listen       80;
	listen 443 ssl http2;
	server_name  api.minimalist.llilei.work;

    # SSL-Start
	ssl_certificate     /usr/local/etc/nginx/ssl/server.crt;
	ssl_certificate_key /usr/local/etc/nginx/ssl/server.key;
	# SSL-End
	
	location ^~ / {
		proxy_pass              http://127.0.0.1:7850/;
		proxy_set_header        Host $host;
		proxy_set_header        X-Real-IP $remote_addr;
		proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
	}
	
}

重启或重新加载nginx

nginx -s reload

如果是访问域名，不要忘记在hosts文件中配置