nginx配置https和配置多个域名:
一个服务器配置多个域名含二级域名,在实际项目中我碰到了这样一个问题,一台服务器上跑了多个项目,以不同的端口号来跑,服务器只有一个 ,不配置https的话页面会提示不安全,所以要配置多个域名,以此来满足需求。
我用的是腾讯云的域名和服务器,腾讯云支持二级域名的配置(阿里云貌似不行),具体的请参考他们各自的文档。
几个需要注意的点,证书,端口,证书的话要到相对应的服务商那里解析,解析完成后下载下来放到相对应的目录下,端口的话要对应上,通过80端口转发到433端口,以实现http跳转到https。
配置成功后重启nignx
./nginx
单域名配置
events {
worker_connections 1024;
}
http{
client_max_body_size 20m;
server{
listen 443 ssl;
server_name 域名一;
root html;
index index.html index.htm;
ssl_certificate ../证书位置/xxx.crt;
ssl_certificate_key ../证书位置/xxx.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8011/;#映射端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
#http转发为https
server {
listen 80;
server_name 域名一;
rewrite ^(.*)$ https://$server_name$1 permanent;
}
}
多域名配置
events {
worker_connections 1024;
}
http{
client_max_body_size 20m;
server{
listen 443 ssl;
server_name 域名一;
root html;
index index.html index.htm;
ssl_certificate ../证书位置/xxx.crt;
ssl_certificate_key ../证书位置/xxx.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8011/;#映射端口,我配置的服务器是同一台,这边写的是127.0.0.1
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server{
listen 443 ssl;
server_name www.zhenonline.com;
root html;
index index.html index.htm;
ssl_certificate ../证书位置/xxx.crt;
ssl_certificate_key ../证书位置/xxx.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8011/;#映射端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server{
listen 443 ssl;
server_name ar.zhenonline.com;
root html;
index index.html index.htm;
ssl_certificate ../证书位置/xxx.crt;
ssl_certificate_key ../证书位置/xxx.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8011/;#映射端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
#http转发为https
server {
listen 80;
server_name 域名一;
rewrite ^(.*)$ https://$server_name$1 permanent;
}
server {
listen 80;
server_name 域名二;
rewrite ^(.*)$ https://$server_name$1 permanent;
}
server {
listen 80;
server_name 域名三;
rewrite ^(.*)$ https://$server_name$1 permanent;
}
}