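Three common ways to implement HTTPS
1. Single ECS / nginx configured for HTTPS
On a single ECS instance, add the domain certificate [public/private] and add a redirect to HTTPS.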
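server {
    listen 80;
    server_name www.weirui.com;
    # Send all plain-HTTP requests to the HTTPS site
    return 302 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name www.weirui.com;
    ssl_certificate     server.crt;   # placeholder name: the certificate file, not the private key
    ssl_certificate_key server.key;   # private key matching the certificate
    location / {
        index index.php;
    }
}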
2. SLB + ECS
user > https > SLB > http > web_cluster
user > https > SLB > https > web_cluster
# Load balancer
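upstream web_cluster {
    server xx:80;
    server xx:80;
}
server {
    listen 80;
    server_name www.weirui.com;
    return 302 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name www.weirui.com;
    ssl_certificate     server.crt;   # placeholder name: the certificate file, not the private key
    ssl_certificate_key server.key;
    location / {
        # TLS ends here; traffic to the backends is plain HTTP
        proxy_pass http://web_cluster;
        # Directive names are case-sensitive: proxy_set_header, not proxy_set_Header
        proxy_set_header Host $http_host;
    }
}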
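# web_cluster
# This backend (port 80 redirect plus 443 ssl) matches the "SLB > https > web_cluster" flow.
# For "SLB > http > web_cluster" (proxy_pass http:// to port 80, as on the load balancer above),
# the backend's port-80 server must serve the site instead of returning the 302,
# otherwise every request loops between the SLB and the redirect.
server {
    listen 80;
    server_name www.weirui.com;
    return 302 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name www.weirui.com;
    ssl_certificate     server.crt;   # placeholder name: the certificate file, not the private key
    ssl_certificate_key server.key;
    location / {
        index index.php;
    }
}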
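3. CDN + SLB + ECS
    1. Public certificate
    2. Add the certificate to the SLB and delete the SLB's port 80
    3. Configure HTTPS-based access on the SLB
    4. Redirect the SLB's HTTP to HTTPS
    5. Upload the HTTPS certificate for the CDN
Note:
If the front end is HTTPS and the back end is HTTP, the back end must be configured to support HTTPS.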
# vi /etc/nginx/nginx.conf
server {
    ...
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        # Tell PHP the original request was HTTPS even though this hop is plain HTTP
        fastcgi_param HTTPS on;
    }
}
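An added example (not from the original notes) covering the "SLB > http > web_cluster" flow and the note above together: the front end passes the original scheme to the back end, and the back end sets HTTPS for PHP from that value instead of hardcoding "on". The X-Forwarded-Proto header, the $fastcgi_https variable, the backend addresses and the file paths are assumptions made for this example.

```nginx
# --- Front end (SLB role): terminates TLS, proxies plain HTTP ---
upstream web_cluster {
    server 10.0.0.11:80;    # constructed backend addresses
    server 10.0.0.12:80;
}
server {
    listen 443 ssl;
    server_name www.weirui.com;
    ssl_certificate     /etc/nginx/ssl/server.crt;   # assumed path
    ssl_certificate_key /etc/nginx/ssl/server.key;   # assumed path
    location / {
        proxy_pass http://web_cluster;
        proxy_set_header Host $http_host;
        # Overwrites any client-supplied value, so the backend only
        # ever sees the scheme this server actually accepted.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# --- Each backend: plain HTTP only (map goes in the http context) ---
map $http_x_forwarded_proto $fastcgi_https {
    default "";     # request did not arrive over HTTPS at the front end
    https   on;
}
server {
    listen 80;
    server_name www.weirui.com;
    root /var/www/html;     # assumed document root
    index index.php;
    # No "return 302 https://..." here: the HTTP-to-HTTPS redirect lives on
    # the front end. Redirecting on this port would loop, because every
    # proxied request arrives as plain HTTP.
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Sent only when the front end reported https
        fastcgi_param HTTPS $fastcgi_https if_not_empty;
    }
}
```

Because the backend trusts X-Forwarded-Proto, its port 80 should accept connections only from the front end (security group or firewall rule), not from clients directly.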
Validate the configuration
# nginx -t
# nginx -s reload
or
# systemctl daemon-reload
# systemctl restart nginx