1,服务器想要发送https请求需要域名,购买域名后将购买的域名指向所需的服务器ip
2,进入certob,配置ssl证书,
3, 一些nginx服务的查询命令,
service nginx restart #重启nginx
service nginx status # 查看nginx状态
service nginx start #启动nginx服务器
vi /etc/nginx/sites-enabled/default配置服务所需指向的端口号
将default文件第二段 server代码中的location代码替换为一下代码
# gzip
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 5;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript font/ttf font/otf image/svg+xml;
location / {
# Pass the request to Gunicorn
proxy_pass http://127.0.0.1:5001; #5001为项目所需端口,5001端口指向80端口
# Set some HTTP headers so that our app knows where the request really came from
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-BASE-URL $scheme://$http_host;
}
vi /etc/nginx/sites-enabled/default
location配置参考链接
server {
server_name 域名;
server_name_in_redirect off;
# gzip
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 5;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript font/ttf font/otf image/svg+xml;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /ft/ {
proxy_pass http://127.0.0.1:5537/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /api/ {
proxy_pass http://127.0.0.1:8072/api/;
# Set some HTTP headers so that our app knows where the request really came from
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-BASE-URL $scheme://$http_host;
}
location /static/ {
proxy_pass http://127.0.0.1:8072/static/;
# Set some HTTP headers so that our app knows where the request really came from
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-BASE-URL $scheme://$http_host;
}
#静态页面指向
location / {
index index.html;
root /home/ubuntu/aaprint_web;
}
# socketio
location /socket.io/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass "http://127.0.0.1:8072/socket.io/";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-BASE-URL $scheme://$http_host;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/域名/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/域名/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = 域名) {
return 301 https://$host$request_uri;
} # managed by Certbot
#if ($host != 'www.meiweier.com' ) {
# rewrite ^/(.*)$ http://www.meiweier.com/$1 permanent;
#}
listen 80;
server_name 域名;
return 404; # managed by Certbot
}