需求:使用 nginx
反向代理把局域网内的 HTTP
协议转为 HTTPS
协议
1、【SSL证书】创建局域网或单机可信任证书
资源文件:https://github.com/FiloSottile/mkcert
参考博主:https://blog.csdn.net/u013018858/article/details/108798003
生成证书文件:
2、【Nginx】 HTTP
协议转为 HTTPS
协议
nginx.conf 配置:
user root;
worker_processes 1;
events {
worker_connections 1024;
}
http {
server{
listen 443 ssl;
server_name 192.168.120.129;
ssl_certificate /etc/nginx/192.168.120.129.pem;
ssl_certificate_key /etc/nginx/192.168.120.129-key.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:1m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Origin $http_origin;
location / {
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Methods $http_access_control_request_method;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Headers $http_access_control_request_headers;
add_header Access-Control-Max-Age 1728000;
return 204;
}
proxy_pass http://192.168.120.129;
}
}
}