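1. Requirements
1.1 Prerequisites
- After deployment, Nacos is reachable at https://127.0.0.1:8848/nacos
- An existing domain name: nacos.company.com.
1.2 Goal
- Entering the domain nacos.company.com in a browser opens the Nacos page directly.
- Access must be over HTTPS.
2. Solution
2.1 Attempt 1
Configuration: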
upstream nacos {
    server 127.0.0.1:8848;
}
server {
    listen 80;
    server_name nacos.company.com;
    # Redirect every plain-HTTP request to the same path over HTTPS
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
    listen 443 ssl;
    server_name nacos.company.com;
    ssl_certificate /opt/certs/3815799_nacos.company.com.pem;
    ssl_certificate_key /opt/certs/3815799_nacos.company.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # Note: TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Forwards / to the upstream root, not to the /nacos context
        proxy_pass http://nacos/;
    }
}
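With nginx configured as above, entering the domain name returns a 404.
Failure analysis
- Nacos must be accessed under the /nacos context path. Entering the domain requests https://nacos.company.com, not https://nacos.company.com/nacos, so the request is proxied to the upstream root, where Nacos serves nothing.
2.2 Attempt 2
Configuration: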
upstream nacos {
    server 127.0.0.1:8848;
}
server {
    listen 80;
    server_name nacos.company.com;
    # Redirect every plain-HTTP request to the same path over HTTPS
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
    listen 443 ssl;
    server_name nacos.company.com;
    ssl_certificate /opt/certs/3815799_nacos.company.com.pem;
    ssl_certificate_key /opt/certs/3815799_nacos.company.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # Note: TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    # Proxy the /nacos context path through to the same path on the upstream
    location /nacos {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://nacos/nacos;
    }
    # Send the bare domain (and any other path) to the Nacos console page
    location / {
        return 301 https://${server_name}/nacos/index.html;
    }
}
Success.
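A hardened variant of the working configuration from attempt 2, added here as an example and not part of the original author's setup: it keeps the same routing but replaces the weak TLS settings and passes trustworthy client information upstream. Assumptions: nginx is built against OpenSSL 1.1.1 or later (needed for TLSv1.3), and the 10.0.0.0/8 range is a constructed placeholder for whichever network should reach the console.

```nginx
upstream nacos {
    server 127.0.0.1:8848;
}

server {
    listen 80;
    server_name nacos.company.com;
    # Same redirect as the original, without the regex capture;
    # $request_uri preserves both path and query string.
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name nacos.company.com;

    ssl_certificate     /opt/certs/3815799_nacos.company.com.pem;
    ssl_certificate_key /opt/certs/3815799_nacos.company.com.key;
    ssl_session_timeout 5m;

    # Was: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  (TLS 1.0/1.1 are deprecated, RFC 8996)
    ssl_protocols TLSv1.2 TLSv1.3;
    # Was: a list with broad aliases (AES, HIGH) that admit CBC-mode and
    # non-forward-secret suites. Only ECDHE + AEAD suites are listed here.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # Enable only once HTTPS is confirmed working; browsers cache this policy.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location /nacos {
        # Assumption: constructed placeholder range for the admin network.
        allow 10.0.0.0/8;
        deny all;

        proxy_set_header Host $host;
        # $remote_addr is the TCP peer and cannot be set by the client, unlike
        # the leading entries of X-Forwarded-For, which nginx only appends to.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://nacos/nacos;
    }

    location / {
        return 301 https://$server_name/nacos/index.html;
    }
}
```

Run `nginx -t` before reloading to confirm the directives parse against the installed nginx and OpenSSL versions.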