Centos7 Nginx反向代理配置SSL

#配置*.conf文件
server
{
     
    listen       443 ssl;
    server_name  www.baidu.com;#域名
    index index.php index.html index.htm default.php default.htm default.html; #默认页面
    root /www/wwwroot/publish;#项目根目录
    ssl_certificate      xxx.crt;#crt路径
    ssl_certificate_key  xxx_RSA.key;#key路径
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
    
    location / {
     
        proxy_pass http://localhost:5000;  #把80端口的访问反向代理到5000端口（你程序的启动端口），请根据实际情况修改自己的端口
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        
        # 客户端真实ip
        proxy_set_header X-Real-IP $remote_addr;
    }
    
    #禁止访问的文件或目录
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
     
        return 404;
    }
    
    #一键申请SSL证书验证目录相关设置
    location ~ \.well-known{
     
        allow all;
    }
    
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
     
        proxy_pass http://127.0.0.1:5000;
        expires      30d;
        error_log off;
        access_log /dev/null;
    }

    location ~ .*\.(js|css)?$
    {
     
        proxy_pass http://127.0.0.1:5000;
        expires      12h;
        error_log off;
        access_log /dev/null;
    }
	access_log  /www/wwwlogs/www.baidu.com.log;
    error_log  /www/wwwlogs/www.baidu.com.error.log;
}

#开启443端口
firewall-cmd --zone=public --add-port=443/tcp --permanent
sudo firewall-cmd --reload

#刷新Nginx
nginx -s reload