• nginx配置https


    nginx配置https

    1、使用openssl生成csr、key两个文件
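    # Generate a 2048-bit RSA private key and a certificate signing request (CSR) in one step.
    # The key file name now follows the same "domain with dots replaced by underscores" pattern
    # as the CSR, because step 2 (-signkey) and step 3 (ssl_certificate_key) expect that name.
    # -nodes writes the private key to disk unencrypted, so the file must be protected by
    # file permissions and kept out of version control and backups that others can read.
    # Only CN is set in -subj; current browsers match the host name against subjectAltName,
    # so the final certificate also needs a SAN entry for the domain.
    openssl req -new -newkey rsa:2048 -sha256 -nodes -out 域名点变下划线.csr -keyout 域名点变下划线.key -subj "/C=CN/ST=HuNan/L=ChangSha/O=XingShengYouXuan Inc./OU=Web Security/CN=域名"
    # Restrict the unencrypted private key to its owner.
    chmod 600 域名点变下划线.key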
    • 此命令会在当前目录生成csr、key两个文件
    • ST:省或州
    • L:市
    • O:公司
    • OU:公司部门...
    • CN:你的域名
     
     
    2、使用openssl用私钥对csr文件自签名,生成crt证书文件(自签名证书不受浏览器信任,仅适合测试环境;生产环境应将csr提交给CA签发证书)
    # Turn the CSR into a certificate valid for 365 days.
    # -signkey signs the request with the given private key, so the result is a
    # self-signed certificate that clients do not trust by default.
    openssl x509 -req \
        -in 域名点变下划线.csr \
        -signkey 域名点变下划线.key \
        -days 365 \
        -out 域名点变下划线.crt
     
     
    3、在nginx中配置ssl映射关系
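    server {
            # HTTPS listener
            listen              443 ssl;
            server_name  域名;
            # Certificate file
            ssl_certificate     /etc/nginx/域名点变下划线.crt;
            # Private key file; keep it readable only by the account that starts nginx
            ssl_certificate_key /etc/nginx/域名点变下划线.key;
            charset utf-8;
            # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 and 1.3 are offered.
            # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it on older builds.
            ssl_protocols       TLSv1.2 TLSv1.3;
            ssl_ciphers         HIGH:!aNULL:!MD5;
            # The "main" format must be defined with log_format in the http block.
            access_log   /etc/nginx/logs/https-user-access.log  main;
            location /api/user/payment  {
                proxy_set_header        Host  $http_host;
                # X-Real-IP carries the address nginx saw on the connection.
                proxy_set_header        X-Real-IP                       $remote_addr;
                # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client sent,
                # so the backend must not treat the leftmost entry as authoritative.
                proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
                proxy_set_header        X-Queue-Start           "t=${msec}000";
                # TLS ends at nginx; this hop to the backend is plain HTTP, so it should stay
                # on a trusted network segment.
                proxy_pass  http://IP:PORT/XXXX/payment/;
            }
     
     
    }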
    server {
            listen       80;
            server_name  域名;
            charset utf-8;
            access_log   /etc/nginx/logs/user-access.log  main;
    .......
     
    4、需要运维添加443端口,并在防火墙中放行该端口
     
    相关技术细节参考链接:
     
     
     
     
     
     
     
     
     
     
     
     
    ====================================================================================================================
     
    测试环境一个完整的例子(注意反向代理)
    ====================================================================================================================
     


    # The user directive is commented out, so worker processes run as the build's default account.
    #user nobody;
    # Run a single worker process.
    worker_processes 1;

    # Error logging is left at the built-in default; the variants below are disabled.
    #error_log logs/error.log;
    #error_log logs/error.log notice;
    #error_log logs/error.log info;

    #pid logs/nginx.pid;


    events {
    # Maximum number of simultaneous connections one worker process may open.
    worker_connections 1024;
    }


    http {
        include       mime.types;
        default_type  application/octet-stream;

        # Stock access-log format, left disabled in this example.
        #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
        # '$status $body_bytes_sent "$http_referer" '
        # '"$http_user_agent" "$http_x_forwarded_for"';

        #access_log logs/access.log main;

        sendfile on;
        #tcp_nopush on;

        #keepalive_timeout 0;
        keepalive_timeout 65;

        #gzip on;

        # Test-environment virtual host. It listens on port 80 only, so all traffic,
        # including the proxied API calls, is served without TLS.
        server {
            listen       80;
            server_name  172.16.8.19 localhost;
            #charset koi8-r;

            #access_log logs/host.access.log main;

            # Front-end static files; a path that matches no file or directory
            # falls back to /index.html.
            location / {
                root       /home/html/armor-ui;
                index      index.html index.htm;
                try_files  $uri $uri/ /index.html;
            }

            # Reverse proxy to the backend on localhost:8888.
            # proxy_pass ends with a URI ("/"), so the matched /prod-api/ prefix is
            # replaced by "/" before the request is forwarded.
            location /prod-api/ {
                proxy_pass        http://localhost:8888/;
                proxy_set_header  Host             $http_host;
                # Address of the peer that connected to nginx.
                proxy_set_header  X-Real-IP        $remote_addr;
                proxy_set_header  REMOTE_HOST      $remote_addr;
                # Appends $remote_addr to any X-Forwarded-For value sent by the client;
                # the backend should not trust the earlier entries in that list.
                proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
            }

            # With "root", a request for /ftas/... is looked up under
            # /home/html/ftasFont/ftas/..., and the /index.html fallback is handled by
            # "location /" above.
            # NOTE(review): confirm that this directory layout and fallback are intended.
            location /ftas {
                root       /home/html/ftasFont;
                index      index.html index.htm;
                try_files  $uri $uri/ /index.html;
            }


            error_page 404 /404.html;

            # Serve the static page /50x.html for server errors.
            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
                root html;
            }

            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ .php$ {
            # proxy_pass http://127.0.0.1;
            #}

            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ .php$ {
            # root html;
            # fastcgi_pass 127.0.0.1:9000;
            # fastcgi_index index.php;
            # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
            # include fastcgi_params;
            #}

            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /.ht {
            # deny all;
            #}
        }


        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        #server {
        # listen 8000;
        # listen somename:8080;
        # server_name somename alias another.alias;

        # location / {
        # root html;
        # index index.html index.htm;
        # }
        #}


        # HTTPS server (stock template, disabled in this test configuration)
        #
        #server {
        # listen 443 ssl;
        # server_name localhost;

        # ssl_certificate cert.pem;
        # ssl_certificate_key cert.key;

        # ssl_session_cache shared:SSL:1m;
        # ssl_session_timeout 5m;

        # ssl_ciphers HIGH:!aNULL:!MD5;
        # ssl_prefer_server_ciphers on;

        # location / {
        # root html;
        # index index.html index.htm;
        # }
        #}

    }

  • 原文地址:https://www.cnblogs.com/sea520/p/11338475.html