Nginx配置ssl

Nginx配置ssl

nginx配置ssl实现https加密,主要是配置nginx.conf

1.编辑nginx.conf

vi /usr/local/nginx/sbin/nginx.conf

2.找到你要配置的server，按以下结构编辑(http会强制转换https)。

server {
		listen       80;
        listen       443 ssl;
        server_name  www.demo.com demo.com;

        ssl_certificate      /usr/local/ssl/demo.crt;
        ssl_certificate_key  /usr/local/ssl/demo.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
		

        if ($server_port = 80 ) {
                return 301 https://$host$request_uri;
        }
        proxy_set_header Host $host;
      	proxy_set_header X-Real-IP $remote_addr;
      	proxy_set_header REMOTE-HOST $remote_addr;
      	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        
        
        location / {
            proxy_pass http://127.0.0.1:8080;
            
			proxy_set_header Host $host;
        	proxy_set_header X-Real-IP $remote_addr;
        	proxy_set_header REMOTE-HOST $remote_addr;
        	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
		#让http请求重定向到https请求
        error_page 497  https://$host$request_uri;

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

1.listen:端口号（http默认80），而https则是443 ssl

2.server_name:你要配置的域名（默认localhost）

3.ssl_certificate 和ssl_certificate_key则是你的域名相关的证书和秘钥

4.location / 要匹配的路径，/全路径，proxy_pass 是跳转的地址（localhost可能解析不了，可以写成127.0.0.1）