centos7部署nest.js后端https服务
1、部署nest项目
1.nest后端项目build打包
2.把dist目录上传到服务器任意目录
3.进入src目录,node main启动nest项目
2、安装并启动nginx:
1.centos7安装nginx (yum install nginx)
2.启动nginx并设置开机自启
systemctl enable nginx
systemctl start nginx 或 service nginx start
3、制作自签名证书:
cd /etc/nginx/
mkdir ssl
cd ssl
- 生成server.key
openssl genrsa -aes256 -out server.key 2048 - 生成无密码的server.key
openssl rsa -in server.key -out server.key - 创建服务器证书的申请文件 server.csr
openssl req -new -key server.key -out server.csr
依次输入国家、省份、城市、公司、部门及邮箱 - 生成crt证书文件server.crt
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
4、编辑nginx.conf中https相关配置:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name _;
root /usr/share/nginx/html;
# (这里是对应的证书和秘钥文件)
ssl_certificate "/etc/nginx/ssl/server.crt";
# (这里是对应的证书和秘钥文件)
ssl_certificate_key "/etc/nginx/ssl/server.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
# 这里是想要通过https访问的服务代理(ip+端口)
location / {
proxy_pass http://127.0.0.1:3001;
}
}