• Serving an HTTPS website through an Nginx reverse proxy


    1. Environment setup

    This walkthrough was done on Windows; the steps on Linux are much the same.

    OpenSSL for Windows

    Download: http://slproweb.com/products/Win32OpenSSL.html

    Nginx for Windows

    Download: http://nginx.org/en/download.html

    The website uses Python's Tornado framework.

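    2. Create the certificate with openssl

    1. Create the private key

        openssl genrsa -des3 -out lifes.key 2048

       Use a key of at least 2048 bits; 1024-bit RSA is no longer considered secure.
       Enter a passphrase, then enter it again to confirm. Remember this passphrase; it is needed later.

    2. Create the CSR (certificate signing request)

        openssl req -new -key lifes.key -out lifes.csr

       Two files now appear in the bin folder: lifes.key and lifes.csr

    3. Remove the passphrase

       Remove the passphrase from the private key that the SSL-enabled Nginx will load; otherwise nginx asks for the passphrase every time it starts.

       Copy lifes.key and name the copy lifes.key.org, either with this command or in the file manager:

        copy lifes.key lifes.key.org

       Then strip the passphrase by running this command:

        openssl rsa -in lifes.key.org -out lifes.key

    4. Generate the CRT certificate

        openssl x509 -req -days 365 -in lifes.csr -signkey lifes.key -out lifes.crt
    Certificate creation steps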

    3. Build the web app

    #-*-coding:utf-8-*-

    import os.path

    import tornado.httpserver
    import tornado.ioloop
    import tornado.options
    import tornado.web

    from tornado.options import define, options
    define("port", default=8000, help="run on the given port", type=int)

    class IndexHandler(tornado.web.RequestHandler):
        def get(self):
            # Behind the nginx proxy this is nginx's address (127.0.0.1) unless nginx
            # forwards the client address and HTTPServer is created with xheaders=True
            ip = self.request.remote_ip
            print(ip)
            self.render("test.html")

    class UserHandler(tornado.web.RequestHandler):
        def post(self):
            # Read the submitted form fields and pass them to the template
            user_name = self.get_argument("username")
            user_email = self.get_argument("email")
            user_website = self.get_argument("website")
            user_language = self.get_argument("language")
            self.render("user.html", username=user_name, email=user_email, website=user_website, language=user_language)

    handlers = [
        (r"/", IndexHandler),
        (r"/user", UserHandler)
    ]

    template_path = os.path.join(os.path.dirname(__file__), "template")

    if __name__ == "__main__":
        tornado.options.parse_command_line()
        # template_path must be passed as a keyword setting; the second
        # positional argument of Application is default_host
        app = tornado.web.Application(handlers, template_path=template_path)
        http_server = tornado.httpserver.HTTPServer(app)
        http_server.listen(options.port)
        tornado.ioloop.IOLoop.current().start()
    Building the app with tornado

    4. Configure nginx.conf

    #user  nobody;
    worker_processes  1;

    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;

    #pid        logs/nginx.pid;


    events {
        worker_connections  1024;
    }


    http {
        include       mime.types;
        default_type  application/octet-stream;

        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';

        #access_log  logs/access.log  main;

        sendfile        on;
        #tcp_nopush     on;

        #keepalive_timeout  0;
        keepalive_timeout  65;

        #gzip  on;

        server {
            listen       80;
            server_name  localhost;

            #charset koi8-r;

            #access_log  logs/host.access.log  main;


            location / {
                root   html;
                index  index.html index.htm;
            }

            #error_page  404              /404.html;

            # redirect server error pages to the static page /50x.html
            #
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }

            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ \.php$ {
            #    proxy_pass   http://127.0.0.1;
            #}

            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ \.php$ {
            #    root           html;
            #    fastcgi_pass   127.0.0.1:9000;
            #    fastcgi_index  index.php;
            #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            #    include        fastcgi_params;
            #}

            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /\.ht {
            #    deny  all;
            #}
        }


        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        #server {
        #    listen       8000;
        #    listen       somename:8080;
        #    server_name  somename  alias  another.alias;

        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}


        # HTTPS server
        #
        server {
            listen 8088 default_server;
            listen [::]:8066 ipv6only=on;
            listen [::]:443 ssl;
            listen       443 ssl;

            server_name  localhost;
            server_name  www.web1.com;

            # nginx on Windows expects forward slashes in paths
            ssl_certificate      C:/Users/Administrator/Desktop/openssl-0.9.8k_WIN32/bin/lifes.crt;
            ssl_certificate_key  C:/Users/Administrator/Desktop/openssl-0.9.8k_WIN32/bin/lifes.key;

            ssl_session_cache    shared:SSL:1m;
            ssl_session_timeout  5m;

            ssl_ciphers  HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers  on;

            location / {
                proxy_pass   http://web1;
            }
        }
        upstream web1{
            server 127.0.0.1:8000;   #SA Server1
        }

    }
    nginx-1.15.1\conf\nginx.conf
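The HTTPS server block above also listens without TLS on ports 8088 and 8066, leaves ssl_protocols at the build default, and forwards neither the client address nor the scheme to the Tornado backend, so IndexHandler only ever sees the proxy's address. The following added example (not part of the original article; the function names, finding IDs and placeholder certificate paths are assumptions made for illustration) checks a server block for exactly those points:

```python
import re

# Constructed sample: the HTTPS server block from the nginx.conf above, with the
# certificate paths replaced by placeholders.
PAGE_SERVER_BLOCK = """
server {
    listen 8088 default_server;
    listen [::]:8066 ipv6only=on;
    listen [::]:443 ssl;
    listen 443 ssl;
    server_name www.web1.com;
    ssl_certificate     C:/certs/lifes.crt;   # placeholder path
    ssl_certificate_key C:/certs/lifes.key;   # placeholder path
    ssl_ciphers HIGH:!aNULL:!MD5;
    location / {
        proxy_pass http://web1;
    }
}
"""

def directives(block):
    """Return (name, [args]) for each 'name args;' directive, comments removed."""
    text = re.sub(r"#[^\n]*", "", block)
    pattern = r"(?m)^\s*([a-z_]+)\s+([^;{}]+);"
    return [(m.group(1), m.group(2).split()) for m in re.finditer(pattern, text)]

def audit_tls_server(block):
    """Return sorted finding IDs (hypothetical names) for a TLS server block."""
    found = directives(block)
    listens = [args for name, args in found if name == "listen"]
    headers = {args[0].lower() for name, args in found if name == "proxy_set_header"}
    protocols = {a for name, args in found if name == "ssl_protocols" for a in args}
    findings = set()
    if any("ssl" not in args for args in listens):
        findings.add("plaintext-listener")  # site is also served without TLS
    if not protocols or protocols & {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}:
        findings.add("legacy-tls-protocols")  # pin: ssl_protocols TLSv1.2 TLSv1.3;
    if any(name == "proxy_pass" for name, _ in found):
        if not headers & {"x-forwarded-for", "x-real-ip"}:
            findings.add("client-ip-not-forwarded")  # backend sees only 127.0.0.1
        if "x-forwarded-proto" not in headers:
            findings.add("scheme-not-forwarded")  # backend cannot tell http from https
    return sorted(findings)

if __name__ == "__main__":
    print(audit_tls_server(PAGE_SERVER_BLOCK))
```

A block that listens only with `ssl`, sets `ssl_protocols TLSv1.2 TLSv1.3;` and adds `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-Proto $scheme;` returns an empty list. Tornado then uses the forwarded address only when the server is created as `HTTPServer(app, xheaders=True)`.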

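    In the nginx directory:

    Start the service: start nginx

    Reload the configuration: nginx -s reload

    Check that the configuration is valid: nginx -t

    5. The HTTPS site is now reachable

     https://www.web1.com

    Reference article: https://blog.csdn.net/leedaning/article/details/71125559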

  • Original article: https://www.cnblogs.com/cx59244405/p/9327461.html