1,需要去阿里申请ca认证,阿里有一个免费的
2,将得到的.pem文件和.key文件放到服务器上
3,nginx需要http_ssl_module模块
4,https配置
upstream tomcatserver {
server 127.0.0.1:91;
}
server{
listen 90 ssl;
server_name www.moshiwenhua.com.cn;
ssl_certificate /usr/local/src/nginx-443/cert/1158456_www.moshiwenhua.com.cn.pem;
ssl_certificate_key /usr/local/src/nginx-443/cert/1158456_www.moshiwenhua.com.cn.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location /{
proxy_pass http://tomcatserver;
index index.html index.htm;
}
}
5,wss配置
upstream tomcatserver {
server 127.0.0.1:91;
}#https和wss的upstream如果名称一样,只需要配置一次
server{
listen 92 ssl;
server_name www.moshiwenhua.com.cn;
ssl_certificate /usr/local/src/nginx-443/cert/1158456_www.moshiwenhua.com.cn.pem;
ssl_certificate_key /usr/local/src/nginx-443/cert/1158456_www.moshiwenhua.com.cn.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location /{
index index.html index.htm;
proxy_pass http://tomcatserver;
proxy_http_version 1.1;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300s;
}
}