nginx 架设https服务

是洋芋呀
178 阅读1分钟

1.在腾讯云或阿里云上下载证书,然后将证书下载到本地

2.先将上一步拿到的Nginx文件夹里面的两个文件上传到与nginx.conf同级的目录(新建CA文件夹)下,然后编辑 nginx.conf

user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    
    include /etc/nginx/conf.d/*.conf;

    server {
    listen       80;
    server_name     wangtingting.top;

    ssl on;
    ssl_certificate     /etc/nginx/CA/1_wangtingting.top_bundle.pem;     #上传的证书路径
    ssl_certificate_key     /etc/nginx/CA/2_wangtingting.top.key;    #上传的秘钥路径
    
    #rewrite ^(.*) https://$host$1 permanent; 将http:80转为https:443

    location / {
        index index.html;
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

    server {
    listen       443 ssl;
    server_name     wangtingting.top;

    ssl on;
    ssl_certificate     /etc/nginx/CA/1_wangtingting.top_bundle.pem;     #上传的证书路径
    ssl_certificate_key     /etc/nginx/CA/2_wangtingting.top.key;    #上传的秘钥路径

    location / {
        index index.html;
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}
}

最后用https://wangtingting.top测试443端口

用http://wangtingting.top/测试80端口

3.1 给网站配置htts服务

server {
        listen  9001;
        server_name wangtingting.top;
        root /wangtingting/project/bussinessManagement;
        
        ssl on;
        ssl_certificate     /etc/nginx/CA/1_wangtingting.top_bundle.pem;    #上传的证书路径
        ssl_certificate_key     /etc/nginx/CA/2_wangtingting.top.key;    #上传的秘钥路径
        
        location / {
           index index.htm index.py index.html businessDetailsPage.html
        }
}

3.2 给koa项目(服务端项目)搭建https环境 在 /etc/nginx/conf.d 目录创建 ssl.conf 文件

server {
     listen 9006;  #给nginx指定监听的端口号
     server_name wangtingting.top;

     ssl on;
    ssl_certificate     /etc/nginx/CA/1_wangtingting.top_bundle.pem;    #上传的证书路径
    ssl_certificate_key     /etc/nginx/CA/2_wangtingting.top.key;    #上传的秘钥路径
     ssl_session_timeout 5m;
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_prefer_server_ciphers on;

     location / {
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header Host $http_host;
             proxy_set_header X-NginX-Proxy true;
             proxy_pass http://127.0.0.1:3000/;   #koa项目运行的端口号,
             proxy_redirect off;
     }
}

检查配置文件是否出错sudo nginx -t

查找nginx的安装目录:ps -ef | grep nginx

重启nginx: /usr/sbin/nginx -s reload

avatar
文章
阅读
粉丝
相关推荐
nginx 配置 https
13k阅读
 · 
50点赞
Docker安装nginx以及配置nginx https域名
12k阅读
 · 
25点赞
Nginx配置HTTP跳转到HTTPS
17k阅读
 · 
13点赞
nginx配置ssl实现https访问 小白文
35k阅读
 · 
51点赞
Node.js + Nginx 部署 HTTPS 服务
13k阅读
 · 
363点赞