HTTPS 配置
-
获取到证书之后打包Nginx证书文件夹并上传证书到服务器/etc/pki下
scp nginx.zip root@yupaopao.icu:/etc/pki
-
服务端输入命令查看
cd /etc/pki unzip nginx.zip rm -rf nginx.zip cd Nginx/
-
HTTPS 域名还需要配置
-
服务器安全组规则里打开
443 端口
并做好缓存配置
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name www.yupaopao.icu yupaopao.icu;
root /home/www;
ssl_certificate "/etc/pki/nginx/1_yupaopao.icu_bundle.crt";
ssl_certificate_key "/etc/pki/nginx/2_yupaopao.icu.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location ~* \.(html)$ {
# 关闭访问日志
access_log off;
# 添加响应头,no-cache:协商缓存,no-store:不缓存
add_header Cache-Control max-age=no-cache;
}
# 特定文件设置强缓存
location ~* \.(css|js|png|jpg|jpeg|gif|gz|svg|mp4|ogg|ogv|webm|htc|xml|woff)$ {
access_log off;
add_header Cache-Control max-age=360000;
}
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
location /api/ {
proxy_pass http://realworld.api.fed.lagounews.com/api/;
}
location / {
proxy_pass http://127.0.0.1:3000;
}
- 访问http时重定向到https,在http server中配置
# 永久重定向到https
return 301 https://www.yupaopao.icu$request_uri;
- 配置好之后上传
scp nginx.conf root@yupaopao.icu:/etc/nginx/nginx.conf
- 重启即可生效
nginx -s reload
开启HTTP/2 的好处
-
压缩请求头与响应头
,发送一串数字标识到服务器,服务器根据这个数字标识去查表.从而大大减小发送请求头与响应头的数据量
-
支持serve push
,在浏览器请求首页的时候直接把首页中需要返回的资源一并返回.减少请求耗费的时间
可在nginx.conf中作如下配置.location / { http2_push /css/app.3d328b21.css; http2_push /js/app.03455d91.js; http2_push /js/chunk-vendors.b2150c02.js; }
-
详情可参考栾一峰老师网络日志