• Implementing an HTTPS website with an Nginx reverse proxy


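    1. Environment setup

    This walkthrough was done on Windows; the steps on Linux are much the same.

    OpenSSL for Windows

    Download: http://slproweb.com/products/Win32OpenSSL.html

    Nginx for Windows

    Download: http://nginx.org/en/download.html

    The website uses Python's Tornado framework.

    2. Creating the certificate with OpenSSL

    1. Create the private key

        openssl genrsa -des3 -out lifes.key 1024

        Enter a passphrase, then enter it again to confirm. Remember this passphrase; it is needed later.

    2. Create the CSR (certificate signing request)

        openssl req -new -key lifes.key -out lifes.csr

        Two files now appear in the bin folder: lifes.key and lifes.csr

    3. Remove the passphrase

        Remove the passphrase from the private key so that SSL-enabled Nginx can load it; otherwise Nginx asks for the passphrase every time it starts.

        Copy lifes.key and rename the copy to lifes.key.org

        You can use this command or do it with the mouse: copy lifes.key lifes.key.org

        Remove the passphrase by running this command: openssl rsa -in lifes.key.org -out lifes.key

    4. Generate the CRT certificate

        openssl x509 -req -days 365 -in lifes.csr -signkey lifes.key -out lifes.crt

    Certificate creation steps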

    3. Building the web app

    # -*- coding: utf-8 -*-

    import os.path

    import tornado.httpserver
    import tornado.ioloop
    import tornado.options
    import tornado.web

    from tornado.options import define, options
    define("port", default=8000, help="run on the given port", type=int)

    class IndexHandler(tornado.web.RequestHandler):
        def get(self):
            # Address of the TCP peer; behind the Nginx proxy this is Nginx itself.
            ip = self.request.remote_ip
            print(ip)
            self.render("test.html")

    class UserHandler(tornado.web.RequestHandler):
        def post(self):
            # Read the submitted form fields and pass them to the template.
            user_name = self.get_argument("username")
            user_email = self.get_argument("email")
            user_website = self.get_argument("website")
            user_language = self.get_argument("language")
            self.render("user.html", username=user_name, email=user_email,
                        website=user_website, language=user_language)

    handlers = [
        (r"/", IndexHandler),
        (r"/user", UserHandler)
    ]

    template_path = os.path.join(os.path.dirname(__file__), "template")

    if __name__ == "__main__":
        tornado.options.parse_command_line()
        # template_path must be passed by keyword: the second positional
        # argument of Application is default_host, not a setting.
        app = tornado.web.Application(handlers, template_path=template_path)
        http_server = tornado.httpserver.HTTPServer(app)
        http_server.listen(options.port)
        tornado.ioloop.IOLoop.instance().start()

    Building the app with Tornado
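
    Behind the proxy configured in section 4, `self.request.remote_ip` in `IndexHandler` is the address of Nginx rather than of the browser. The following added example (not code from the original post) shows how a backend can recover the client address from `X-Forwarded-For` while ignoring that header on connections that do not come from the proxy. It assumes Nginx is extended with `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`, which the post's nginx.conf does not contain; `TRUSTED_PROXIES` and `client_ip` are hypothetical names.

```python
import ipaddress

# Assumption: the only proxy allowed to speak for clients is the local Nginx.
TRUSTED_PROXIES = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("::1"),
}


def client_ip(peer_ip, headers):
    """Return the client address to log or rate-limit on.

    peer_ip -- address of the TCP peer that connected to the backend
    headers -- request headers as a dict with lower-cased names
    """
    peer = ipaddress.ip_address(peer_ip)
    if peer not in TRUSTED_PROXIES:
        # Direct connection: any X-Forwarded-For value is client-controlled.
        return str(peer)

    # $proxy_add_x_forwarded_for appends the address Nginx saw to whatever
    # the client sent, so only the right-hand end of the list is reliable.
    raw = headers.get("x-forwarded-for", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop and fall back to the peer address
        if addr not in TRUSTED_PROXIES:
            return str(addr)
    return str(peer)


if __name__ == "__main__":
    # Constructed requests: one via the proxy with a forged first hop,
    # one sent straight to port 8000 with a forged header.
    print(client_ip("127.0.0.1", {"x-forwarded-for": "1.2.3.4, 203.0.113.7"}))
    print(client_ip("198.51.100.9", {"x-forwarded-for": "10.0.0.1"}))
```

    Tornado reads these headers itself when the server is created with `HTTPServer(app, xheaders=True)`; in that case port 8000 should accept connections only from Nginx.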

    4. Configuring nginx.conf

    #user  nobody;
    worker_processes  1;

    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;

    #pid        logs/nginx.pid;


    events {
        worker_connections  1024;
    }


    http {
        include       mime.types;
        default_type  application/octet-stream;

        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';

        #access_log  logs/access.log  main;

        sendfile        on;
        #tcp_nopush     on;

        #keepalive_timeout  0;
        keepalive_timeout  65;

        #gzip  on;

        server {
            listen       80;
            server_name  localhost;

            #charset koi8-r;

            #access_log  logs/host.access.log  main;


            location / {
                root   html;
                index  index.html index.htm;
            }

            #error_page  404              /404.html;

            # redirect server error pages to the static page /50x.html
            #
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }

            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ \.php$ {
            #    proxy_pass   http://127.0.0.1;
            #}

            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ \.php$ {
            #    root           html;
            #    fastcgi_pass   127.0.0.1:9000;
            #    fastcgi_index  index.php;
            #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            #    include        fastcgi_params;
            #}

            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /\.ht {
            #    deny  all;
            #}
        }


        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        #server {
        #    listen       8000;
        #    listen       somename:8080;
        #    server_name  somename  alias  another.alias;

        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}


        # HTTPS server
        #
        server {
            listen 8088 default_server;
            listen [::]:8066 ipv6only=on;
            listen [::]:443 ssl;
            listen       443 ssl;

            server_name  localhost;
            server_name  www.web1.com;

            # Certificate and passphrase-free key from step 2.
            # Nginx on Windows expects forward slashes in paths.
            ssl_certificate      C:/Users/Administrator/Desktop/openssl-0.9.8k_WIN32/bin/lifes.crt;
            ssl_certificate_key  C:/Users/Administrator/Desktop/openssl-0.9.8k_WIN32/bin/lifes.key;

            ssl_session_cache    shared:SSL:1m;
            ssl_session_timeout  5m;

            ssl_ciphers  HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers  on;

            # Forward every request to the Tornado app in the upstream below.
            location / {
                proxy_pass   http://web1;
            }
        }
        upstream web1{
            server 127.0.0.1:8000;   #SA Server1
        }

    }

    nginx-1.15.1\conf\nginx.conf
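
    The HTTPS server block above also listens without TLS on ports 8088 and 8066, leaves the protocol versions to the Nginx default, and forwards no client information to Tornado. The following added example (not part of the original post) is a small check that reports these points for a server block; `directives`, `audit` and both sample blocks are hypothetical names and constructed inputs, and the `ssl_protocols` value in the second block is an assumed policy.

```python
import re

# Constructed input: the relevant directives of the post's HTTPS server block.
PAGE_BLOCK = """
server {
    listen 8088 default_server;
    listen [::]:8066 ipv6only=on;
    listen [::]:443 ssl;
    listen 443 ssl;
    location / { proxy_pass http://web1; }
}
"""

# Constructed input: the same block with every finding addressed.
FIXED_BLOCK = """
server {
    listen [::]:443 ssl;
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://web1;
    }
}
"""

def directives(block):
    """Yield (name, args) per statement; ';', '{' and '}' end a statement."""
    for stmt in re.split(r"[;{}]", re.sub(r"#.*", "", block)):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]

def audit(block):
    """Return the list of findings for one server block."""
    d = list(directives(block))
    names = {name for name, _ in d}
    listens = [args for name, args in d if name == "listen"]
    findings = []
    if any("ssl" in args for args in listens):  # this server terminates TLS
        findings += ["plaintext listen " + a[0] for a in listens if "ssl" not in a]
        if "ssl_protocols" not in names:
            findings.append("ssl_protocols not pinned")
    if "proxy_pass" in names:
        sent = {a[0].lower() for n, a in d if n == "proxy_set_header" and a}
        findings += ["missing proxy_set_header " + h
                     for h in ("X-Forwarded-For", "X-Forwarded-Proto")
                     if h.lower() not in sent]
    return findings
```

    Calling `audit(PAGE_BLOCK)` returns five findings and `audit(FIXED_BLOCK)` returns none; run `nginx -t` after changing the real file.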

    In the Nginx directory:

    Start the service: start nginx

    Reload: nginx -s reload

    Check that the configuration is valid: nginx -t

    5. The HTTPS site is now reachable

     https://www.web1.com

    Reference article: https://blog.csdn.net/leedaning/article/details/71125559

  • Original article: https://www.cnblogs.com/cx59244405/p/9327461.html