1、创建文件夹:/usr/local/nginx/conf/cert;并将证书放在此文件夹下面
_.site.com.crt
_.site.com.key
2、配置nginx.conf
upstream test_site {
server 127.0.0.1:8088;
}
server{
listen 80;
listen 443 ssl;
server_name test.site.com; #监听域名
ssl off;
ssl_certificate cert/_.site.com.crt;
ssl_certificate_key cert/_.site.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
client_max_body_size 100m;
location / {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,AppId,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
#if ($request_method = 'POST') {
#add_header 'Access-Control-Allow-Origin' '*';
#add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,AppId,Authorization';
#}
proxy_pass http://test_site;
}
location /chat/signalr { #配置signalr(websocket)
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_pass http://test_site;
}
location /files/ { #静态文件
root /data/webapp/hotel;
#alias /data/webapp/hotel/files/;
}
}