1、购买SSL证书(以腾讯云为例)
2、绑定域名后下载证书到本地
3、上传证书到服务器(其中 .key 私钥文件应设置为仅 NGINX 所需账户可读),然后按如下内容修改NGINX配置文件
# Account the worker processes run under.
# NOTE(review): with root here, any flaw reached through request handling is exposed with full
# privileges. An unprivileged account that can read the served directories and the htpasswd
# file is the usual choice - confirm what this host needs before changing it.
user root;
# Start one worker process per available CPU core (auto-detected).
worker_processes auto;
# Upper bound on open file descriptors for each worker process.
worker_rlimit_nofile 204800;
events {
    # Connection-processing method: Linux epoll.
    use epoll;

    # Each worker process may hold at most 1024 simultaneous connections.
    worker_connections 1024;

    # Workers take turns accepting new connections...
    accept_mutex on;
    # ...and the worker whose turn it is accepts every pending connection at once.
    multi_accept on;
}
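http {
    # Shared-memory zone "one" (10 MB), keyed by client address, capped at 2 requests/second.
    # It only takes effect in locations that reference it with limit_req.
    limit_req_zone $binary_remote_addr zone=one:10m rate=2r/s;

    include mime.types;
    default_type application/octet-stream;

    # Plain-HTTP listener whose only job is to send clients to the HTTPS site.
    # NOTE(review): it listens on 8001 rather than 80 - presumably something in front of this
    # host maps the public HTTP port to it; confirm.
    # NOTE(review): the redirect target is built from $host, i.e. the Host header sent by the
    # client, and this is the only server on the port, so any Host value is accepted.
    server {
        listen 8001;
        server_name 【你的域名】;
        rewrite ^(.*)$ https://$host$1 permanent;
    }

    # HTTPS site: static front end, rate-limited API proxy, and two password-protected listings.
    server {
        listen 443 ssl;
        # NOTE(review): the certificate is issued for the domain bound to it, so the name clients
        # connect with must be that domain; an IP address here will not match the certificate.
        server_name 【服务器IP地址】;
        root /data/dist;
        port_in_redirect off;

        # Certificate chain and private key uploaded in the previous step.
        # The .key file is the secret half: keep it readable only by the account that starts nginx.
        ssl_certificate 【上一步上传的证书里的_bundle.crt结尾的证书】;
        # Fixed: the original line ended in ";;" - the stray second ";" is an empty statement,
        # which nginx rejects when it parses the file.
        ssl_certificate_key 【上一步上传的证书里的.key结尾的文件】;

        # Pin the protocol versions explicitly instead of inheriting the build's default,
        # which on older nginx releases still includes TLSv1 and TLSv1.1.
        # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it on older builds.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Single-page front end: unknown paths fall back to index.html.
        location / {
            index index.html index.htm;
            try_files $uri $uri/ /index.html;
        }

        # API proxy, throttled by zone "one": up to 5 requests above the rate are served
        # immediately (nodelay); anything beyond that is rejected.
        # NOTE(review): the hop to the backend is plain HTTP, and no proxy_set_header lines are
        # set, so the backend presumably sees nginx's address as the client - confirm whether
        # the application needs the real client address for logging or access decisions.
        location /maintain/api/ {
            limit_req zone=one burst=5 nodelay;
            proxy_pass http://192.168.50.151:8080/maintain/api/;
        }

        # Browsable listing of the backup directory, guarded only by HTTP basic auth.
        # The password file lives outside every served directory, so it cannot be downloaded
        # through this server. Consider adding allow/deny rules if the listing should only be
        # reachable from known addresses.
        location /file/ {
            alias "/data/ftp/back_up/";
            autoindex on;
            autoindex_localtime on;
            autoindex_format html;
            autoindex_exact_size off;
            # NOTE(review): charset takes a single charset name; "utf-8,gbk" is sent to clients
            # verbatim as the charset value. Left unchanged because the encoding of the file
            # names in this directory is not visible here - confirm and pick one.
            charset utf-8,gbk;
            auth_basic "admin";
            auth_basic_user_file "/data/nginx/htpasswd";
        }

        # Browsable listing of the application logs, guarded only by HTTP basic auth.
        # Logs often contain addresses, tokens or stack traces; the same allow/deny
        # consideration as for the backup listing applies.
        location /log/ {
            alias "/data/cloud/log/";
            autoindex on;
            autoindex_localtime on;
            autoindex_format html;
            autoindex_exact_size off;
            # Serve every file in this location as UTF-8 plain text so logs open in the browser.
            # The original used add_header Content-Type for this, which appends a second
            # Content-Type header next to the one nginx already sends; clearing the type map and
            # setting default_type makes nginx emit the single, intended header instead.
            types { }
            default_type text/plain;
            charset utf-8;
            auth_basic "admin";
            auth_basic_user_file "/data/nginx/htpasswd";
        }
    }
}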
4、重新加载NGINX配置
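# Check the configuration for errors first, and signal the running master to reload
# only if that check passes.
/data/nginx/sbin/nginx -t && /data/nginx/sbin/nginx -s reload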
5、开放443端口(HTTPS默认使用443端口)
# Insert an ACCEPT rule for inbound TCP port 443 at the head of the INPUT chain.
# NOTE(review): this changes only the running rule set; whether it survives a reboot depends
# on how this host saves its iptables rules - confirm. The HTTP redirect listener on 8001
# in the configuration above is not covered by this rule.
iptables --insert INPUT --protocol tcp --destination-port 443 --jump ACCEPT