nginx配置https
nginx的https协议需要ssl模块的支持,我们在编译nginx时使用–with-http_ssl_module参数加入SSL模块。还需要服务器私钥,服务器证书,如果是公司对外环境,这个证书需要购买第三方的权威证书,否则用户体验得不到保障;
检查Nginx的SSL模块是否安装
[root@localhost sbin]# nginx -V
nginx version: nginx/1.13.1
built by gcc 10.2.1 20200825 (Alibaba 10.2.1-3 2.30) (GCC)
built with OpenSSL 1.1.1g FIPS 21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/nginx.conf --with-http_ssl_module
准备私钥和证书
阿里云免费版申请步骤
https://blog.csdn.net/a873217486/article/details/106097855
nginx.conf 配置文件
nginx配置https,80重定向到443
web
#可选配置,配置http重定向到https
server
{
listen 80;
server_name localhost;
rewrite ^(.*)$ https://$host$1 permanent; #将所有http请求通过rewrite重定向到https。
location ~*^.+$ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass 请按自身情况设置;
}
}
server {
listen 80;
listen 443 ssl;
server_name manage.test-iot.com;
ssl_certificate /usr/local/nginx/6852411_manage.test-iot.com.pem;
ssl_certificate_key /usr/local/nginx/6852411_manage.test-iot.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
keepalive_timeout 60;
location / {
root /alm/projects/manage/dist;
index index.html;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
access_log logs/manage_web.log ;
}
api
server {
listen 80;
listen 443 ssl;
server_name business.test-iot.com;
ssl_certificate /usr/local/nginx/6860923_business.test-iot.com.pem;
ssl_certificate_key /usr/local/nginx/6860923_business.test-iot.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
keepalive_timeout 60;
access_log logs/business_access.log;
error_log logs/business_error.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#websocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:4433;
}
}
重启nginx服务
参考资料
阿里云免费版申请步骤
https://blog.csdn.net/a873217486/article/details/106097855