前言
设置这个是比拟好用的。代理的话,最好是以跑 https 做测试。如果想弄个收费的证书的话,点击我
一、证书上传
上传间接能够通过 finalShell 工具,证书放在:/etc/ssl/certs/ 证书名.pem;
二、配置 http 重定向 https
进入到
cd /usr/local/nginx/conf/
编辑
vi nginx.conf
找到 server 是 80 的。加上重定向到 https 下面
# 省略代码块
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
rewrite ^(.*)$ https://$host$1 permanent; #用于将 http 页面重定向到 https 页面
location / {
root html;
index index.html index.htm;
}
# 省略代码块
加上了后,在找到正文的:# HTTPS server。将上面的一段话 http 的正文关上,而后更改 ssl 地址
# 省略代码块。找到 HTTPS server 正文,上面全副关上
# HTTPS server
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/ssl/certs/4489861_www.lolku.cn.pem;
ssl_certificate_key /etc/ssl/certs/4489861_www.lolku.cn.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
三、重新启动配置
重启后,就能够在页面上跑了。
/usr/local/nginx/sbin/nginx -s reload
四、二级域名 https 代理
后面只是解说以后一级域名 https 的申请。依据 http 二级域名教训,进行制作二级 https 二级域名。都是一样的,只有前面新增一个新的,而后再代理上新的就好了(留神:肯定是在第一个 server 的前面新增 server)。比方:
worker_processes 1;
events {worker_connections 1024;}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
rewrite ^(.*)$ https://$host$1 permanent; #用于将 http 页面重定向到 https 页面
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {root html;}
}
# 只能在前面新增,不能放在后面
server {
listen 80; # 端口
server_name api.xxxx.cn; # 域名
rewrite ^(.*)$ https://$host$1 permanent; #用于将 http 页面重定向到 https 页面
location / {
proxy_pass http://localhost:3000; # 代理的中央
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
# # HTTPS server
# #
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/ssl/certs/xxxxx.pem;
ssl_certificate_key /etc/ssl/certs/xxxxx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
# 只能在前面新增,不能放在后面
server {
listen 443 ssl;
server_name api.xxx.cn;
ssl_certificate /etc/ssl/certs/xxxxxx.pem;
ssl_certificate_key /etc/ssl/certs/xxxxxx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:3000; # 代理的中央
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
}
五、拜访
拜访 http://xxx.cn 是能够的,而后 api.xxx.cn 会报危险正告,起因在于代理的 proxy_pass http://localhost:3000; 这个地址是 http 不是 https,所以有问题。解决方案:http://locakhost:3000 换成 https://locakhost:3000 或者改成 https://xxx.cn:3000
六、重启下配置
留神:每次更改下配置都得重新启动下
/usr/local/nginx/sbin/nginx -s reload
【原地址】:https://lolku.cn/web/details/posts/39