Nginx配置http升级https

最新推荐文章于 2024-04-27 23:04:19 发布

Parzivval

最新推荐文章于 2024-04-27 23:04:19 发布

阅读量2.6k

点赞数

文章标签： nginx https http

本文链接：https://blog.csdn.net/lannister_awalys_pay/article/details/122631427

版权

Nginx配置https

记录一下实验室测试版服务器的https配置流程，本次为http升级至https

原有的http配置：

server {
  		listen		8001;
  		 server_name 	localhost;
  		 #set $live_status 0			#直播是否开启，初始值为0，关闭
  		 location / {
  		 	root	/home;
  		  	index	index.html	index.html;
  		}

  		location /live {
  			flv_live on;
  			chunked_transfer_encoding on;
  			add_header 'Access-Control-ALLow-Origin' '*';
  			add_header 'Access-Control-Allow-Credentials' 'true';
  		}
  		
  		error_page		500 502 503 504 	/50x.html;
  		location = /50x.html{
  			root 	html;
  		}
  	}

要想升级为https需要在nginx配置一个代理，就是反向代理类似的操作

同时需要添加安全证书的路径，更改后如下：（参考：/usr/local/openresty/nginx/conf/nginx.conf）

server {

		listen		8002 ssl;
  		listen		8001;
  		server_name 	live;
      server_name live.test.tinylink.cn;
  		#set $live_status 0			#直播是否开启，初始值为0，关闭

  		#ssl_certificate /root/.acme.sh/*.test.tinylink.cn/fullchain.cer;
	    #ssl_certificate_key /root/.acme.sh/*.test.tinylink.cn/*.test.tinylink.cn.key;

  	 ssl_certificate /etc/letsencrypt/live/api.test.tinylink.cn/fullchain.pem;
		 ssl_certificate_key /etc/letsencrypt/live/api.test.tinylink.cn/privkey.pem;
  
		 ssl_session_timeout 5m;
		 ssl_session_cache shared:SSL:50m;
		 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv3;
		 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
                 
     client_max_body_size 500M;
     client_body_buffer_size 500M;
	     
  	 location / {
  		  
		    proxy_pass http://localhost:8001/;
		    
        proxy_set_header Host $host:$server_port;
		    proxy_set_header X-Real-IP $remote_addr;
	      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	   	  proxy_redirect off;
	      #proxy_set_header Upgrade $http_upgrade;
       	#proxy_set_header Connection "upgrade";
    
  		}

  		location /live {
  			flv_live on;
  			chunked_transfer_encoding on;
  			add_header 'Access-Control-ALLow-Origin' '*';
  			add_header 'Access-Control-Allow-Credentials' 'true';
  		}
  		
  		error_page		500 502 503 504 	/50x.html;
  		location = /50x.html{
  			root 	html;
  		}
  	}

之后去配置frpc，位置在：/root/yangg/frp/configs/frp/frpc.ini

[http_linklab_test_api_live_https]
type = https
custom_domains = live.test.tinylink.cn

plugin = https2http
plugin_local_addr = 127.0.0.1:8001

plugin_crt_path = /root/.acme.sh/*.test.tinylink.cn/fullchain.cer
plugin_key_path = /root/.acme.sh/*.test.tinylink.cn/*.test.tinylink.cn.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp

之后重启frpc服务：

$ systemctl restart frpc-http.service
$ openresty -s reload

Parzivval

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Nginx配置http升级https

Nginx配置https记录一下实验室测试版服务器的https配置流程，本次为http升级至https原有的http配置：server { listen 8001; server_name localhost; #set $live_status 0 #直播是否开启，初始值为0，关闭 location / { root /home; index index.html index.html; } location
复制链接

扫一扫