1. 生成证书
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
openssl rsa -in server.key -out server_unsecure.key
2. nginx 配置
server{
client_max_body_size 100m;
listen 443 ssl;
proxy_ssl_session_reuse off;
server_name www.example.com;
#可以用阿里pem证书替换
ssl_certificate ./conf.d/server.crt;
#可以用阿里key证书替换
ssl_certificate_key ./conf.d/server_unsecure.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
root /usr/share/nginx/html;
index index.html index.htm;
location ^~ /api/demo {
proxy_pass http://10.110.1.11:67/demo;
}
#文件上传
location ^~ /api/upload {
proxy_pass http://10.110.1.11:69/upload;
}
#上传显示
location /uploads {
alias /uploads;
break;
}
#前端访问静态文件
location ^~ /admin {
try_files $uri $uri/ /admin/index.html;
}
location /websocket {
proxy_pass http://10.110.1.11:2020/websocket;
proxy_read_timeout 3600000s;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}