在springboot
实现了ssl
功能之后,还要再同一台服务器部署一个静态页面用于其他的需求。选用的是Nginx
,配置了ssl
,动态网址+静态页面。
这里还是把springboot
应用的ssl
功能屏蔽了,直接暴露了8080
端口,然后通过Nginx
指向到8080
。具体配置看下面
# nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
charset utf-8;
#gzip on;
server{
#下面配置会报异常“[warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead”
#ssl on
#这样才是正确的
listen 443 ssl;
server_name www.xxx.com;
#证书文件
ssl_certificate /etc/certs/cert.pem;
ssl_certificate_key /etc/certs/cert.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
#swagger相关
location /swagger-ui.html {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://127.0.0.1:8080/swagger-ui.html;
}
location /swagger-resources {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://127.0.0.1:8080/swagger-resources;
}
location /v2/api-docs {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://127.0.0.1:8080/v2/api-docs;
}
location /webjars {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://127.0.0.1:8080/webjars;
}
#其他业务url,有多个,省略了
location /wxpay {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://127.0.0.1:8080/wxpay;
}
#静态页面
location /index.html {
root /www/html/;
index index.html;
}
#静态资源(静态页面需要使用的js文件)
location /jquery-1.9.1.min.js {
root /www/html/;
}
}
server {
listen 80;
server_name www.xxx.com;
#跳转到443端口
rewrite ^/(.*)$ https://www.xxx.com:443/$1 permanent;
}
}
这里遇到一个坑,就是在静态资源配置的时候这样写的
#静态资源(静态页面需要使用的js文件)
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|js|pdf|txt) {
root /www/html/;
}
这样是满足静态页面index.html
的需求,但是会把swagger
相关的静态资源指向/www/html/
目录,这肯定是找不到的,所以没办法加载,需要指明文件。