nginx的https配置

**web服务将http转为https,从此数据不再裸奔**

#cat /etc/nginx/nginx.conf

#For more information on configuration, see:
#* Official English Documentation: http://nginx.org/en/docs/
#* Official Russian Documentation: http://nginx.org/ru/docs/
# Credentials used by the worker processes: the unprivileged "nobody" account.
user  nobody;
# Run a single worker process.
worker_processes  1;

# Record error-log messages of severity "warn" and above.
error_log  /var/log/nginx/error.log warn;
# File that stores the process ID of the main process.
pid        /var/run/nginx.pid;

events {
    # Upper bound on simultaneous connections per worker process. The count
    # includes connections nginx opens to proxied servers, not only clients.
    worker_connections  1024;
}

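http {
    include       /etc/nginx/mime.types;

    default_type  application/octet-stream;

    # $http_referer, $http_user_agent and $http_x_forwarded_for are copied from
    # client-supplied headers; $remote_addr is the only address field in this
    # format that the client cannot choose.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;
    include /etc/nginx/conf.d/*.conf;

    # Settings for a TLS enabled server.
    # NOTE(review): this file defines no port-80 server, so any http -> https
    # redirect would have to come from the included conf.d/*.conf files.
    server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  localhost;
        root         /usr/share/nginx/html;

        # https
        # The private key should be readable only by the account that starts
        # nginx, never by the worker user or by other local accounts.
        ssl_certificate "/vsr-admin/server.pem";
        ssl_certificate_key "/vsr-admin/server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        # Pin the protocol set instead of inheriting the build's default, which
        # on older nginx releases still enables TLSv1 and TLSv1.1. TLSv1.3 can
        # be appended where nginx >= 1.13.0 is linked against OpenSSL >= 1.1.1.
        ssl_protocols TLSv1.2;
        # The suites that "HIGH" expands to depend on the linked OpenSSL build.
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location ^~ /vsr/ {
            # Strip the /vsr/ prefix. Because the URI is rewritten with
            # "break", the rewritten URI is what gets sent upstream and the
            # "/" URI part of proxy_pass below is ignored.
            rewrite "^/vsr/(.*)$" /$1 break;

            # Local proxy: the backend listens on loopback and speaks TLS.
            # nginx does not verify the upstream certificate unless
            # proxy_ssl_verify is turned on; this hop is encrypted but not
            # authenticated.
            proxy_pass https://127.0.0.1:8000/;

            # 30-minute timeouts and a 2 GiB body limit let one client hold a
            # worker connection and upstream resources for a long time; keep
            # them scoped to this location and no larger than the backend
            # needs. nginx documents that proxy_connect_timeout usually cannot
            # exceed 75 seconds.
            proxy_send_timeout 1800;
            proxy_read_timeout 1800;
            proxy_connect_timeout 1800;
            client_max_body_size 2048m;

            # HTTP/1.1 plus Upgrade/Connection headers for protocol upgrades.
            # "Connection: Upgrade" is sent on every proxied request here.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";

            # required for docker client's sake
            # $http_host is the raw Host header as sent by the client, and this
            # is the default_server, so any Host value reaches the backend. The
            # backend must not use it to build links or redirects, or to make
            # access decisions.
            proxy_set_header  Host              $http_host;
            #proxy_set_header Host    $host;

            # pass on real client's IP
            # X-Real-IP is set from the TCP peer address. X-Forwarded-For keeps
            # whatever the client sent and appends $remote_addr, so only the
            # last entry is trustworthy to the backend.
            proxy_set_header  X-Real-IP         $remote_addr;
            proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header  X-Forwarded-Proto $scheme;
        }
    }
}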

注意:

如果是把一个 http 网站完整地换成 https,那是另一种情况;咱们这里只是对其中的一个请求接口做反向代理。反向代理本身 http 转 https、https 转 http 都可以,但 https 页面里面再带 http 请求不行——浏览器会把它当作混合内容(mixed content)拦截,这是 https 的规范要求。(解决方案:nginx 反向代理将后端改为 https://127.0.0.1:8000)
