使用 include 引入ssl 单独的配置文件
结构如下:ssl文件夹存放证书文件
ssl.conf:
#ssl.conf文件内容
server {
listen 443 ssl http2;
server_name www.xyz.cc;
if ($host != 'www.xyz.cc'){ rewrite ^(.*)$ https://${server_name}$1 permanent; }
ssl_certificate /nginx-1.22.0/conf/ssl/8991511_xyz.cc.pem;
ssl_certificate_key /nginx-1.22.0/conf/ssl/8991511_xyz.cc.key;
#先配置签名证书,再配置加密证书,签名加密证书私钥 key 为同一个!
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers SM2-WITH-SMS4-SM3:ECDH:AESGCM:HIGH:MEDIUM:!RC4:!DH:!MD5:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
location / {
root html;
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
location /prod-api/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/;
}
}
nginx.conf: 主要修改http部分
#引入ssl.conf
include ssl.conf;
server {
listen 80;
server_name www.xyz.cc;
#rewrite ^(.*)$ https://$host$1 permanent;
rewrite ^(.*)$ https://${server_name}$1 permanent;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
location /prod-api/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}