注:为了更好的体验,将内容复制到工具中效果才好
# ubuntu nginx 配置 https wss
## 准备证书
* 去对应的云服务提供商那儿可以申请到免费的ssl证书
* 下载证书后,解压得到 nginx 目录,把该目录下的证书文件(.crt)和私钥文件(.key)上传到服务器备用;其中 .key 是私钥,上传后应限制为仅 root 可读,不要放在其他用户可访问的位置
## 安装nginx
* sudo apt-get install nginx
## 配置nginx
* 进入配置文件目录 /etc/nginx/conf.d
* 新建ssl.conf配置文件
* 加入配置信息(具体配置信息参考官方文档,以下只作为最小配置,仅供学习)
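# HTTPS / WSS virtual host: terminates TLS and proxies to two local backends.
# Minimal example for study only; check the official nginx documentation
# before using it in production.
server {
    # 443 is the default port for https:// and wss:// URLs. The "ssl" parameter
    # of listen replaces the separate "ssl on;" directive, which was deprecated
    # in nginx 1.15.0 and removed in 1.25.1.
    listen 443 ssl;
    server_name stun.yundingzhihui.cn;

    # Certificate file (presumably server certificate plus intermediates, going
    # by the "_bundle" file name; confirm against what the CA delivered).
    ssl_certificate /home/ubuntu/webrtc/ssl_key/1_stun.yundingzhihui.cn_bundle.crt;
    # Private key, not a certificate. It sits under a user's home directory here;
    # make sure the file is owned by root and not readable by other accounts.
    ssl_certificate_key /home/ubuntu/webrtc/ssl_key/2_stun.yundingzhihui.cn.key;

    # TLS 1.0 and 1.1 are deprecated and are no longer offered.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1+; drop it on
    # older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret (ECDHE) suites only: the static-RSA key exchange and 3DES
    # entries of the original list are gone, and anonymous suites are excluded.
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 1400;

    # "always" also sends HSTS on error responses (nginx >= 1.7.5).
    # Server-level add_header lines are inherited by a location only while that
    # location defines no add_header of its own; if the commented-out header in
    # "location /" is ever enabled, repeat these two lines there.
    add_header Strict-Transport-Security "max-age=15768000" always;
    add_header Cache-Control no-store;

    # OCSP stapling. nginx needs a "resolver" to look up the OCSP responder, and
    # ssl_stapling_verify needs the issuer chain via ssl_trusted_certificate.
    # Neither is configured here, so stapling may silently not take effect;
    # check the error log after reloading.
    ssl_stapling on;
    ssl_stapling_verify on;

    # WebSocket endpoint, e.g. wss://www.xxx.com/wss
    location /wss {
        proxy_pass http://127.0.0.1:8009;
        # The WebSocket handshake requires HTTP/1.1 and the Upgrade/Connection
        # hop-by-hop headers to be passed on explicitly.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        # nginx does not check the Origin header; the backend has to validate it.
    }

    # Ordinary HTTPS requests, e.g. https://www.xxxx.cn
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For value the client sent, so the backend should trust
        # only the last entry (or X-Real-IP).
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # A wildcard CORS header lets any origin read responses; keep it
        # disabled unless the backend serves only public data.
        # add_header Access-Control-Allow-Origin *;
    }
}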
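# Plain-HTTP virtual host (e.g. http://www.xxxx.cn): sends every request on
# port 80 to the HTTPS site.
server {
    listen 80;
    # Placeholder name; set it to the host name the HTTPS server block serves
    # and the certificate covers, otherwise the redirect lands on a host that
    # fails certificate validation.
    server_name www.xxxx.cn;
    # "return" is the documented form for an unconditional redirect and keeps
    # the original path and query string unchanged. The target uses the
    # configured $server_name rather than the client-supplied Host header, so
    # the redirect destination is not under the client's control.
    return 301 https://$server_name$request_uri;
}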
## 测试
* 原来的 http 请求改用 https 访问,例如 https://www.xxxx.cn
* 原来的 ws 请求改用 wss 访问,例如 wss://www.xxx.com/wss