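Configuring nginx to serve HTTPS and proxy an HTTP interface

Contents

  • 1. Run the image with docker
  • 2. Configure nginx after installation
    • 2.1 Production configuration
  • 3. Enter the container and create the directory
  • 4. Certificates
    • 4.1 Exit the container and copy the certificate (certificate available)
    • 4.2 Generate a certificate (no certificate available)
      • 4.2.1 Troubleshooting: password error
  • References

1. Run the image with docker

For the detailed steps, see:
https://blog.csdn.net/qq_22041375/article/details/105578258

2. Configure nginx after installation

Edit the nginx configuration: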

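server {
    # The "ssl" parameter on listen enables TLS for this port. The separate
    # "ssl on;" directive is obsolete and was removed in nginx 1.25.1.
    listen       443 ssl;
    server_name  localhost;

    ssl_certificate      /ssl/server.crt;
    ssl_certificate_key  /ssl/server.key;
    ssl_session_timeout  5m;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    # Static home page
    location / {
        root   /www;
        index  index.html index.htm;
    }
}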

2.1 Production configuration

#user  nobody;
worker_processes  8;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    #default_type  application/octet-stream;

    sendfile        on;
    #tcp_nopush     on;
    underscores_in_headers on;
    #keepalive_timeout  0;
    #keepalive_timeout  65;

    gzip  on;

    server {
        listen       806;
        server_name  127.0.0.1;

        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }

    server {
        # TLS is served on container port 80, as in the original setup.
        # "listen ... ssl" replaces the obsolete "ssl on;" directive
        # (removed in nginx 1.25.1).
        listen       80 ssl;
        server_name  127.0.0.1;

        ssl_certificate     /ssl/3980678_charint.top.pem;
        ssl_certificate_key /ssl/3980678_charint.top.key;

        ssl_session_timeout  5m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location /test {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

        # Everything else is forwarded to the plain-HTTP backend
        location / {
            proxy_next_upstream http_502 http_504 error timeout invalid_header;
            proxy_set_header Host  $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            types {}
            proxy_pass http://10.9.22.35:9998;
        }
    }

}

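3. Enter the container and create the directory

docker exec -it 1380f88e6f6d bash
# Create the directory at the absolute path the nginx configuration refers to
mkdir -p /ssl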

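4. Certificates

4.1 Exit the container and copy the certificate (certificate available)

exit
docker cp 3980678_charint.top.key  1380f88e6f6d:/ssl/
docker cp 3980678_charint.top.pem  1380f88e6f6d:/ssl/

4.2 Generate a certificate (no certificate available)

# Create the server private key (-des3 encrypts it with a passphrase)
openssl genrsa -des3 -out server.key 2048

# Create the certificate signing request (CSR)
openssl req -new -key server.key -out server.csr

# Self-sign the certificate using the private key and CSR above
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

4.2.1 Troubleshooting: password error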

SSL_CTX_use_PrivateKey_file("/etc/nginx/key/server.key") failed 
(SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting password error:0906A068:PEM routines:PEM_do_header:bad password read error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib) 
# Enter the private key passphrase once; this writes an unencrypted copy of the key
openssl rsa -in server.key -out unserver.key 

cp unserver.key server.key

# Restart nginx
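
A pre-flight check for the failure in 4.2.1, as an added example that is not part of the original post: it reports whether a key file is still passphrase-protected (the condition behind the "bad password read" error) and, once the passphrase has been removed, whether the now-plaintext key is readable by group or other. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): check a private key before nginx loads it.

# Print "encrypted", "plaintext" or "unknown" for a PEM private key file.
key_state() {
    f=$1
    # PKCS#8 encrypted key (the format OpenSSL 3.x writes for genrsa -des3)
    if grep -q -- '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        echo encrypted
    # Traditional PEM encryption (older OpenSSL) is flagged in a header line
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo encrypted
    elif grep -Eq -- '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$f"; then
        echo plaintext
    else
        echo unknown
    fi
}

# Succeed only if group and other have no permission bits on the file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Return 0 if nginx can load the key unattended and the file is locked down,
# 1 if the key is encrypted or missing, 2 if a plaintext key is over-exposed.
check_key() {
    state=$(key_state "$1")
    case $state in
        encrypted) echo "$1: passphrase-protected, nginx fails with 'bad password read'"; return 1 ;;
        unknown)   echo "$1: no PEM private key found"; return 1 ;;
    esac
    if ! key_is_private "$1"; then
        echo "$1: plaintext key readable by group/other, run: chmod 600 $1"
        return 2
    fi
    echo "$1: ok"
}

# Constructed sample files (PEM headers only, not real keys)
tmp=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$tmp/server.key"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '(constructed body)' > "$tmp/unserver.key"
chmod 644 "$tmp/server.key" "$tmp/unserver.key"
check_key "$tmp/server.key"   || true   # encrypted
check_key "$tmp/unserver.key" || true   # plaintext but mode 644
chmod 600 "$tmp/unserver.key"
check_key "$tmp/unserver.key" || true   # ok
rm -rf "$tmp"
```

Run `check_key` against the key inside the container (for example `/ssl/server.key`) before restarting nginx.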

References

https://www.jianshu.com/p/5f9bd492f186

https://pengshiyu.blog.csdn.net/article/details/103755523
