1、nginx版本
nginx version: nginx/1.10.3
制作域名CA证书参考 https://www.cnblogs.com/dongming/p/6378723.html
2、https代理
指定IP(nginx服务器地址或者域名地址)访问转成https
server {
listen 80;
server_name demo.test.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443;
server_name test.com; #填写绑定证书的域名
ssl on;
ssl_certificate /usr/local/nginx/conf/demo.test.com.crt; #填写具体nginx证书位置
ssl_certificate_key /usr/local/nginx/conf/demo.test.com.key; #填写具体nginx证书密钥位置
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
ssl_prefer_server_ciphers on;
#error_page 497 https://$host$uri?$args;
#charset koi8-r;
add_header Strict-Transport-Security max-age=16000000;
access_log logs/host.access.log main;
location / {
proxy_pass http://127.0.0.1:8080/web/; #请求代理到指定的服务
proxy_set_header clientIP $remote_addr;
proxy_set_header forwarded-for $proxy_add_x_forwarded_for;
}
}