nginx配置https

文章发布于2020年04月12日 15:17, 归类于: 未分类

记录nginx配置多个域名https证书,域名重定向。

使用nginx代理转发请求到node.js应用程序。

上传证书到目录

cd /usr/local/nginx/cert

编辑 nginx.conf

vim /usr/local/nginx/conf/nginx.conf
worker_processes  1;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    # 将80端口重定向到https 博客
    server {
      listen 80;
      #填写绑定证书的域名
      server_name eoway.cn www.eoway.cn; 
      #把http的域名请求转成https
      rewrite ^(.*)$ https://$host$1 permanent; 
    }

    # 将80端口重定向到https api
    server {
      listen 80;
      #填写绑定证书的域名
      server_name api.eoway.cn www.api.eoway.cn; 
      #把http的域名请求转成https
      rewrite ^(.*)$ https://$host$1 permanent; 
    }

    # 将https重定向到https带www 博客
    server {
        listen 443;
        server_name eoway.cn;
        return 301 https://www.eoway.cn$request_uri;
    }

    # 将https重定向到https不带带www api
    server {
        listen 443;
        server_name www.api.eoway.cn;
        return 301 https://api.eoway.cn$request_uri;
    }


    # HTTPS server 博客
    server {
        # listen 443 default_server ssl;
        listen 443 default_server ssl;
        server_name  www.eoway.cn;
        ssl_certificate      /usr/local/nginx/cert/2876845_www.eoway.cn.pem;
        ssl_certificate_key  /usr/local/nginx/cert/2876845_www.eoway.cn.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers  on;
        location / {
            proxy_pass http://127.0.0.1:4000;
            add_header Access-Control-Allow-Origin *;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
        }
    }

    # HTTPS server api
    server {
        listen 443 ssl;
        server_name  api.eoway.cn;
        ssl_certificate      /usr/local/nginx/cert/3409844_api.eoway.cn.pem;
        ssl_certificate_key  /usr/local/nginx/cert/3409844_api.eoway.cn.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers  on;
        location / {
            proxy_pass http://127.0.0.1:8082;
            add_header Access-Control-Allow-Origin *;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
        }
    }

}

修改保存后重启 nginx。

nginx 命令

进入 nginx 目录

cd /usr/local/nginx/sbin

启动 nginx

/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

重启nginx

./nginx -s reload

查看进程

netstat -ntlp | grep :80

杀掉 nginx

pkill -9 nginx

转载请注明来源:《 nginx配置https》- rojerYong's Blog

文章链接:https://www.eoway.cn /article/1586675864.html

如果此文摘取了你的原创,请联系本站管理员,将对此文修改、删除处理。

--END--
上一篇:个人静态博客安装原生js图片预览插件viewer.js,支持pc和移动端 下一篇:koa2学习笔记