ubuntu nginx 配置 https wss

注:为了更好的体验,将内容复制到工具中效果才好

# ubuntu nginx 配置 https wss

## 准备证书

* 去对应的云服务提供商那儿可以申请到免费的ssl证书

* 下载证书后,解压有nginx目录,把目录下的文件上传到服务器备用

## 安装nginx

* sudo apt-get install nginx

## 配置nginx

* 进入配置文件目录 /etc/nginx/conf.d

* 新建ssl.conf配置文件

* 加入配置信息(具体配置信息参考官方文档,以下只作为最小配置,仅供学习)

server {

    listen 443; #https,wss端口,不可指定其它端口

    ssl on; #打开ssl

    ssl_certificate    /home/ubuntu/webrtc/ssl_key/1_stun.yundingzhihui.cn_bundle.crt;#证书文件

    ssl_certificate_key /home/ubuntu/webrtc/ssl_key/2_stun.yundingzhihui.cn.key;#证书文件

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

    ssl_prefer_server_ciphers on;

    ssl_buffer_size 1400;

    add_header Strict-Transport-Security max-age=15768000;

    add_header Cache-Control no-store;

    ssl_stapling on;

    ssl_stapling_verify on;

    server_name stun.yundingzhihui.cn;

    location /wss { # 路径后缀为wss请求 如:wss://www.xxx.com/wss

        proxy_pass http://127.0.0.1:8009;

        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;

        proxy_set_header Connection "Upgrade";

        proxy_set_header X-Real-IP $remote_addr;

    }

    location / { # https 请求 例 https:www.xxxx.cn

        proxy_pass http://127.0.0.1:8080;

        proxy_set_header  X-Real-IP        $remote_addr;

        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

        # add_header Access-Control-Allow-Origin *;

    }

}

server { # http请求 如:http://www.xxxx.cn

    listen 80; #将80商品普通的请求转发到安全连接上

    server_name www.xxxx.cn;

    rewrite ^(.*)$ https://${server_name}$1 permanent;

}

## 测试

http请求用 https

ws请求用wss

你可能感兴趣的:(ubuntu nginx 配置 https wss)