利用Nginx 代理https 转到访问本机 http 的访问,首先需要有证书:手头开发环境下使用了自签名工具生成pfx证书文件;
接着找一个在线的证书格式转化工具,将pfx格式证书提前公钥和私钥。
Nginx配置如下:
server {
#listen 80;
listen 443 ssl;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;e
ssl_certificate cert/nacos.crt;
ssl_certificate_key cert/nacos.key;
ssl_session_timeout 5m;
ssl_protocols TLSV1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
charset utf-8;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
#root html;
#index index.html index.htm;
proxy_pass http://localhost:5002/;
#proxy_pass http://127.0.0.1:8848/nacos;
}
这个过程中提示报错:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
注意ssl协议的版本:例如修改成 ssl_protocols TLSV1 TLSv1.1 TLSv1.2;
另外一个错误:PEM_read_bio_X509_AUX() failed (SSL: error:0906D06C )
是因为证书内容错误,重新生成后错误消失;
Nginx 配置文件检查:nginx -t;
nginx: the configuration file D:\nginx-1.22.1/conf/nginx.conf syntax is ok
nginx: configuration file D:\nginx-1.22.1/conf/nginx.conf test is successful
启动Nginx : start nginx
测试验证: