Nginx配置https
记录一下实验室测试版服务器的https配置流程,本次为http升级至https
原有的http配置:
# Baseline before the migration: one plain-HTTP virtual host on port 8001.
# Nothing in this block is encrypted.
server {
    listen      8001;
    server_name localhost;

    # Disabled directive, kept from the original:
    #set $live_status 0   # whether the live stream is on; initial value 0 (off)

    # Static files. With root set to /home, every readable file under /home
    # is addressable by URL. NOTE(review): confirm that is intended, or point
    # root at a dedicated web directory.
    location / {
        index index.html index.html;
        root  /home;
    }

    # HTTP-FLV playback endpoint (flv_live presumably comes from
    # nginx-http-flv-module; verify against the build).
    # NOTE(review): a wildcard Allow-Origin combined with
    # Allow-Credentials 'true' is refused by browsers for credentialed
    # requests, so only anonymous cross-origin reads work here.
    location /live {
        flv_live on;
        chunked_transfer_encoding on;

        add_header 'Access-Control-ALLow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
    }

    # Upstream and server errors are served from one static page.
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
要想升级为https,需要在nginx中配置一个代理(操作上类似反向代理)
同时需要添加安全证书的路径,更改后如下:(参考:/usr/local/openresty/nginx/conf/nginx.conf)
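# HTTPS-enabled virtual host for the live-streaming test server.
server {
    # TLS listener.
    listen 8002 ssl;
    # Plain-HTTP listener, which the frpc https2http plugin forwards to.
    # NOTE(review): without an address this binds every interface, so the
    # unencrypted port is reachable from the network as well as from frpc.
    # If only frpc and this proxy use it, "listen 127.0.0.1:8001;" narrows it.
    listen 8001;

    server_name live live.test.tinylink.cn;

    # Disabled directive, kept from the original:
    #set $live_status 0   # whether the live stream is on; initial value 0 (off)

    # Alternative certificate issued by acme.sh (disabled):
    #ssl_certificate /root/.acme.sh/*.test.tinylink.cn/fullchain.cer;
    #ssl_certificate_key /root/.acme.sh/*.test.tinylink.cn/*.test.tinylink.cn.key;

    # NOTE(review): these files sit under the api.test.tinylink.cn lineage
    # while server_name is live.test.tinylink.cn. Confirm the certificate
    # lists this host name (SAN), otherwise clients get a name-mismatch error.
    ssl_certificate     /etc/letsencrypt/live/api.test.tinylink.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.test.tinylink.cn/privkey.pem;

    ssl_session_timeout 5m;
    ssl_session_cache   shared:SSL:50m;

    # SSLv3, TLSv1 and TLSv1.1 are deprecated and open to downgrade and
    # padding-oracle attacks, so only TLS 1.2 and 1.3 are offered.
    # TLSv1.3 needs OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Forward-secret AEAD suites only. The previous string also admitted
    # static ECDH and CBC suites through the broad ECDH/AES/HIGH aliases.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;

    # Uploads of up to 500M are still accepted.
    client_max_body_size 500M;
    # The in-memory body buffer was 500M per request, which lets a few
    # concurrent uploads exhaust RAM. Larger bodies now spill to a temp file.
    client_body_buffer_size 128k;

    location / {
        # NOTE(review): this server also listens on 8001 and the forwarded
        # Host is this server's own name, so unless another server block on
        # 8001 is selected, the request re-enters this location and loops.
        # Confirm the intended upstream for "/".
        proxy_pass http://localhost:8001/;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        #proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection "upgrade";
    }

    # HTTP-FLV playback endpoint.
    location /live {
        flv_live on;
        chunked_transfer_encoding on;
        # Header name spelling corrected (was 'Access-Control-ALLow-Origin').
        # '*' lets any origin read the stream. Set a single origin here if
        # the stream is not meant to be public.
        add_header 'Access-Control-Allow-Origin' '*';
        # Browsers refuse credentialed requests when Allow-Origin is '*',
        # so this header had no effect. Enable it only together with a
        # specific origin.
        #add_header 'Access-Control-Allow-Credentials' 'true';
    }

    # Upstream and server errors are served from one static page.
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}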
之后去配置frpc,位置在:/root/yangg/frp/configs/frp/frpc.ini
# frpc proxy entry that publishes the live endpoint over HTTPS.
[http_linklab_test_api_live_https]
type = https
custom_domains = live.test.tinylink.cn
# The https2http plugin terminates TLS inside frpc and forwards the request
# as plain HTTP to plugin_local_addr. TLS for this path is therefore handled
# by frpc, not by the nginx "listen 8002 ssl" socket.
plugin = https2http
# Loopback target, so the unencrypted hop stays on this host.
plugin_local_addr = 127.0.0.1:8001
# Certificate and private key that frpc presents to clients.
# NOTE(review): the "*" is presumably the literal directory/file name that
# acme.sh creates for a wildcard certificate, not a glob - confirm.
# The key is under /root, so the frpc service account must be able to read
# it. Keep the key file readable by its owner only.
plugin_crt_path = /root/.acme.sh/*.test.tinylink.cn/fullchain.cer
plugin_key_path = /root/.acme.sh/*.test.tinylink.cn/*.test.tinylink.cn.key
# Host header sent to the local service is rewritten to 127.0.0.1.
# NOTE(review): that value matches neither server_name in the nginx block
# above, so nginx falls back to its default server for port 8001 - verify
# that this is the block you expect.
plugin_host_header_rewrite = 127.0.0.1
# Adds "X-From-Where: frp" to forwarded requests. Any client that can reach
# port 8001 directly can send the same header, so do not treat it as proof
# of origin.
plugin_header_X-From-Where = frp
之后重启frpc服务:
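# Restart the frpc unit so it reads the new proxy entry.
$ systemctl restart frpc-http.service
# Check the nginx configuration first; reload only if the syntax test passes,
# so a typo cannot break the running workers' configuration.
$ openresty -t && openresty -s reload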