Nginx配置http升级https

Nginx配置https

记录一下实验室测试版服务器的https配置流程,本次为http升级至https

原有的http配置:

server {
  		listen		8001;
  		 server_name 	localhost;
  		 #set $live_status 0			#直播是否开启,初始值为0,关闭
  		 location / {
  		 	root	/home;
  		  	index	index.html	index.html;
  		}

  		location /live {
  			flv_live on;
  			chunked_transfer_encoding on;
  			add_header 'Access-Control-ALLow-Origin' '*';
  			add_header 'Access-Control-Allow-Credentials' 'true';
  		}
  		
  		error_page		500 502 503 504 	/50x.html;
  		location = /50x.html{
  			root 	html;
  		}
  	}

要想升级为https需要在nginx配置一个代理,就是反向代理类似的操作

同时需要添加安全证书的路径,更改后如下:(参考:/usr/local/openresty/nginx/conf/nginx.conf)

server {

		listen		8002 ssl;
  		listen		8001;
  		server_name 	live;
      server_name live.test.tinylink.cn;
  		#set $live_status 0			#直播是否开启,初始值为0,关闭

  		#ssl_certificate /root/.acme.sh/*.test.tinylink.cn/fullchain.cer;
	    #ssl_certificate_key /root/.acme.sh/*.test.tinylink.cn/*.test.tinylink.cn.key;

  	 ssl_certificate /etc/letsencrypt/live/api.test.tinylink.cn/fullchain.pem;
		 ssl_certificate_key /etc/letsencrypt/live/api.test.tinylink.cn/privkey.pem;
  
		 ssl_session_timeout 5m;
		 ssl_session_cache shared:SSL:50m;
		 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv3;
		 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
                 
     client_max_body_size 500M;
     client_body_buffer_size 500M;
	     
  	 location / {
  		  
		    proxy_pass http://localhost:8001/;
		    
        proxy_set_header Host $host:$server_port;
		    proxy_set_header X-Real-IP $remote_addr;
	      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	   	  proxy_redirect off;
	      #proxy_set_header Upgrade $http_upgrade;
       	#proxy_set_header Connection "upgrade";
    
  		}

  		location /live {
  			flv_live on;
  			chunked_transfer_encoding on;
  			add_header 'Access-Control-ALLow-Origin' '*';
  			add_header 'Access-Control-Allow-Credentials' 'true';
  		}
  		
  		error_page		500 502 503 504 	/50x.html;
  		location = /50x.html{
  			root 	html;
  		}
  	}

之后去配置frpc,位置在:/root/yangg/frp/configs/frp/frpc.ini

[http_linklab_test_api_live_https]
type = https
custom_domains = live.test.tinylink.cn

plugin = https2http
plugin_local_addr = 127.0.0.1:8001

plugin_crt_path = /root/.acme.sh/*.test.tinylink.cn/fullchain.cer
plugin_key_path = /root/.acme.sh/*.test.tinylink.cn/*.test.tinylink.cn.key
plugin_host_header_rewrite = 127.0.0.1
plugin_header_X-From-Where = frp

之后重启frpc服务:

$ systemctl restart frpc-http.service
$ openresty -s reload

你可能感兴趣的:(nginx,https,http)