nginx 配置ssl实现https

人在塔在
334 阅读1分钟

1.安装nginx

2.申请ssl证书,因为我的域名是阿里申请的,阿里有提供免费的证书,所以我就到对应的域名平台下生成证书就可以了

填写相关信息提交阿里审核,审核通过后就可以下载证书密钥等信息了,因为我们这里是对nginx配置,所以选择对应nginx证书下载。

3.上面已经申请到证书,接下来就是对nginx进行配置:

首先80和443端口必须可用,在nginx的配置文件 conf下建一个文件夹cert存放申请下来的证书。以下是我nginx配置的两个ssl证书,如果你只要配置一个就删除一个server节点就可以了。

server {

    listen       443;
    server_name  你的域名;
    ssl on;

    root      /usr/local/tomcat-shaoguan-mini/webapps/sgmini/;//项目的位置

    location ~ .*\.(txt|js|css|jsp|png|jpg|JPEG)?$ {
         proxy_pass http://localhost:8066;//代理端口
        root  /usr/local/tomcat-shaoguan-mini/webapps/sgmini/;
        access_log off;
        expires 0;
    }

    ssl_certificate      cert/cert-1541409622473_sgmini.51educity.com.crt;
    ssl_certificate_key  cert/cert-1541409622473_sgmini.51educity.com.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass http://localhost:8066;
        proxy_redirect off;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_read_timeout  30m;
        client_max_body_size       30m;
    }
}

server {

    listen       443;
    server_name  你的域名;
    ssl on;

    root      /usr/local/tomcat-zhuhai-mini/webapps/mini/;

    location ~ .*\.(txt|js|css|jsp|png|jpg|JPEG)?$ {
         proxy_pass http://localhost:8067;
        root  /usr/local/tomcat-zhuhai-mini/webapps/mini/;
        access_log off;
        expires 0;
    }

    ssl_certificate      cert/cert-1541409603993_zhmini.51educity.com.crt;//证书路径
    ssl_certificate_key  cert/cert-1541409603993_zhmini.51educity.com.key;//证书密钥路径

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass http://localhost:8067;//代理的端口
        proxy_redirect off;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_read_timeout  30m;
        client_max_body_size       30m;
    }
}

server {

listen 80;

rewrite ^(.*)$ https://$host$1 permanent;//重置到https

}

4.上域名管理平台做域名解析对应的服务器,然后启动nginx,访问你的域名就可以实现https访问了。

avatar
文章
阅读
粉丝