nginx 配置https

nginx配置https

nginx的https协议需要ssl模块的支持，我们在编译nginx时使用–with-http_ssl_module参数加入SSL模块。还需要服务器私钥，服务器证书，如果是公司对外环境，这个证书需要购买第三方的权威证书，否则用户体验得不到保障；

检查Nginx的SSL模块是否安装

[root@localhost sbin]# nginx -V
nginx version: nginx/1.13.1
built by gcc 10.2.1 20200825 (Alibaba 10.2.1-3 2.30) (GCC) 
built with OpenSSL 1.1.1g FIPS  21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/nginx.conf --with-http_ssl_module

准备私钥和证书

阿里云免费版申请步骤
https://blog.csdn.net/a873217486/article/details/106097855

nginx.conf 配置文件

nginx配置https，80重定向到443
web

   #可选配置，配置http重定向到https
	server
	{
		listen 80;
		server_name localhost;
		rewrite ^(.*)$ https://$host$1 permanent;   #将所有http请求通过rewrite重定向到https。
		location ~*^.+$ { 
			proxy_redirect off;
			proxy_set_header Host $host;
			proxy_set_header X-real-ip $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_pass 请按自身情况设置;
		}
	}
	
server {
    listen 80;
    listen 443 ssl;
    server_name  manage.test-iot.com;
    
    ssl_certificate      /usr/local/nginx/6852411_manage.test-iot.com.pem;
    ssl_certificate_key  /usr/local/nginx/6852411_manage.test-iot.com.key;
    ssl_session_timeout  5m;
    ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers  on;
    keepalive_timeout 60;
    location / {
        root /alm/projects/manage/dist;
        index index.html;
    }
    error_page 404 /404.html;
    location = /40x.html {
    
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    	
    }   
    access_log    logs/manage_web.log ;
}

api

server {
    listen 80;
    listen 443 ssl;
    server_name business.test-iot.com;
    
    ssl_certificate      /usr/local/nginx/6860923_business.test-iot.com.pem;
    ssl_certificate_key  /usr/local/nginx/6860923_business.test-iot.com.key;
    ssl_session_timeout  5m;
    ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers  on;
    keepalive_timeout 60;
    
    access_log  logs/business_access.log;
    error_log   logs/business_error.log;
    
    location / {
	proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;    

	#websocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
	proxy_pass http://127.0.0.1:4433;

     }
}

重启nginx服务

参考资料

阿里云免费版申请步骤
https://blog.csdn.net/a873217486/article/details/106097855