1.首先确认安装nginx 和 openssl
执行nginx -v 和 openssl version
2. 生成秘钥key,运行:
创建一个生成文件的目录
cd /etc/nginx/
mkdir ssl_key
然后执行密钥key
openssl genrsa -des3 -out server.key 2048
3.创建服务器证书的申请文件server.csr,运行:
这里会需要输入一些基本信息,随便输入即可,例如都可以输入你的英文名字
openssl req -new -key server.key -out server.csr
4.创建CA证书:
这里会需要输入一些基本信息,随便输入即可,例如都可以输入你的英文名字
openssl req -new -x509 -key server.key -out ca.crt -days 3650
5.创建自当前日期起有效期为期十年的服务器证书server.crt:
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey server.key -CAcreateserial -out server.crt
6.然后可以查看生成的文件夹下的文件
ls你的文件夹,可以看到一共生成了5个文件
ca.crt ca.srl server.crt server.csr server.key
其中,server.crt和server.ke
就是你的nginx需要的证书文件.
7.重要步骤:配置nginx.config
进入 vi nginx.config 修改 http 下的server
http {
include mime.types;
default_type application/octet-stream;
keepalive_timeout 65;
log_format main '[$time_local] "$request" $remote_addr - $remote_user'
'$status $body_bytes_sent '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
gzip on;
gzip_min_length 2k;
gzip_buffers 32 16k;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary on;
charset utf-8;
server_names_hash_bucket_size 512;
server {
#监听443端口
listen 443;
#你的域名
server_name 127.0.0.1;
ssl on;
ssl_certificate /etc/nginx/ssl_key/server.crt;#配置证书位置
ssl_certificate_key /etc/nginx/ssl_key/server.key;#配置秘钥位置
}
}
8.然后启动
cd /etc/nginx
#进入目录, 执行
sudo nginx -c /etc/nginx/nginx.conf
#然后重启nginx
nginx -s reload
#通过查看进程,可杀掉之前的nginx
ps -ef|grep nginx
9.如果配置之前的项目 加location /{}内容即可
下面的是我自己配置好的nginx.conf,当然 server 可以配置多个
user into;
worker_processes 2;
error_log /var/log/nginx/error.log;
#pid logs/nginx.pid;
worker_rlimit_nofile 65535;
events {
worker_connections 65535;
use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
keepalive_timeout 65;
log_format main '[$time_local] "$request" $remote_addr - $remote_user'
'$status $body_bytes_sent '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
gzip on;
gzip_min_length 2k;
gzip_buffers 32 16k;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary on;
charset utf-8;
server_names_hash_bucket_size 512;
server {
#监听8013端口(在线预览代理)
listen 8013;
#你的域名
server_name 127.0.0.1;
ssl on;
ssl_certificate /etc/nginx/ssl_key/server.crt;#配置证书位置
# add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *";
add_header Content-Security-Policy "upgrade-insecure-requests";
ssl_certificate_key /etc/nginx/ssl_key/server.key;#配置秘钥位置
location / {
proxy_redirect off;
proxy_set_header Host $host:8012;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8012;
}
}
server {
#监听443端口
listen 443;
#你的域名
server_name 127.0.0.1;
ssl on;
ssl_certificate /etc/nginx/ssl_key/server.crt;#配置证书位置
# add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *";
add_header Content-Security-Policy "upgrade-insecure-requests";
ssl_certificate_key /etc/nginx/ssl_key/server.key;#配置秘钥位置
location / {
# try_files $uri $uri/ /index.html break;
try_files $uri $uri/ /index.html;
index index.html;
root /home/into/app/master/front/dist/;
}
location /modeler.html {
proxy_set_header Host $host:443;
proxy_pass http://127.0.0.1:8844;
}
location /editor-app {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:443;
}
location /swagger-ui.html {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:443;
}
location /swagger-resources {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:443;
}
location /swagger {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:443;
}
location /webjars {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:443;
}
location /v2 {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:443;
}
location /druid {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:443;
}
location /doc {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:443;
}
# location /xboot/admin/ {
# proxy_pass http://127.0.0.1:8844;
# proxy_set_header Host $host:443;
# }
location /xboot/ {
proxy_set_header Host $host:443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8844;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /store/ {
alias /home/into/app/run/store/;
}
}
server {
listen 80;
server_name 127.0.0.1;
client_max_body_size 10M;
index index.html;
location / {
# try_files $uri $uri/ /index.html break;
try_files $uri $uri/ /index.html;
index index.html;
root /home/into/app/run/front/dist/;
}
location /ftp/ {
alias /home/ftpuser/;
}
location /xboot/ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8877;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /modeler.html {
proxy_pass http://127.0.0.1:8877;
}
location /editor-app {
proxy_pass http://127.0.0.1:8877;
}
location /swagger-ui.html {
proxy_pass http://127.0.0.1:8877;
}
location /swagger-resources {
proxy_pass http://127.0.0.1:8877;
}
location /swagger {
proxy_pass http://127.0.0.1:8877;
}
location /webjars {
proxy_pass http://127.0.0.1:8877;
}
location /v2 {
proxy_pass http://127.0.0.1:8877;
}
location /druid {
proxy_pass http://127.0.0.1:8877;
}
location /doc {
proxy_pass http://127.0.0.1:8877;
}
location /store/ {
alias /home/into/app/run/store/;
}
location /website{
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8877;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 8866;
server_name 127.0.0.1;
client_max_body_size 10M;
index index.html;
location / {
# try_files $uri $uri/ /index.html break;
try_files $uri $uri/ /index.html;
index index.html;
root /home/into/app/master/front/dist/;
}
location /modeler.html {
proxy_set_header Host $host:8866;
proxy_pass http://127.0.0.1:8844;
}
location /editor-app {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /swagger-ui.html {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /swagger-resources {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /swagger {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /webjars {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /v2 {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /druid {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /doc {
proxy_pass http://127.0.0.1:8844;
proxy_set_header Host $host:8866;
}
location /xboot/ {
proxy_set_header Host $host:8866;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8844;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /store/ {
alias /home/into/app/run/store/;
}
}
server {
listen 81;
server_name 127.0.0.1;
client_max_body_size 10M;
index index.html;
location / {
# try_files $uri $uri/ /index.html break;
try_files $uri $uri/ /index.html;
index index.html;
root /home/into/ITZFSimulationUI/dist/;
}
location /ftp/ {
alias /home/into/app/run/store/;
}
location /xboot/ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8877;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /modeler.html {
proxy_pass http://127.0.0.1:8877;
}
location /editor-app {
proxy_pass http://127.0.0.1:8877;
}
location /swagger-ui.html {
proxy_pass http://127.0.0.1:8877;
}
location /swagger-resources {
proxy_pass http://127.0.0.1:8877;
}
location /swagger {
proxy_pass http://127.0.0.1:8877;
}
location /webjars {
proxy_pass http://127.0.0.1:8877;
}
location /v2 {
proxy_pass http://127.0.0.1:8877;
}
location /druid {
proxy_pass http://127.0.0.1:8877;
}
location /doc {
proxy_pass http://127.0.0.1:8877;
}
location /store/ {
alias /home/into/app/run/store/;
}
location /website{
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8877;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
}
最后遇到个 配置了https后,访问不到https 的springboot admin接口和页面了,然后通过加以下配置即可