Nginx配置ssl证书(https证书)

  • Nginx配置ssl证书(https证书)
    • 安装nginx
    • Nginx 的 SSL 模块安装
    • 下载Nginx 服务证书
    • 配置nginx.conf
  1. 安装nginx
    搭建服务器,安装docker-compose
    https://blog.csdn.net/qq_33240556/article/details/124789530
    安装docker-compose nginx
    https://blog.csdn.net/qq_33240556/article/details/124890382

  2. 下载Nginx 服务证书
    https://help.aliyun.com/zh/ssl-certificate/user-guide/submit-a-certificate-application?spm=a2c4g.11186623.0.0.37d455adPUyVK5

Nginx配置ssl证书(https证书)_第1张图片

  1. 配置nginx.conf
worker_processes  1;

events {
    worker_connections  1024;
}

http {
	client_max_body_size 100m;
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    server {
		#监听的端口,nginx 1.15.0及以上版本,使用listen 443 ssl代替,1.15.0以下的使用listen 443
        listen       443 ssl;
        server_name  localhost;
		charset utf-8;

		# ssl证书地址
		#指定pem文件所在路径,如果写相对路径,必须把该文件和nginx.conf文件放到一个目录下。
		ssl_certificate     ssl.pem;
		#指定私钥文件key所在路径,如果写相对路径,必须把该文件和nginx.conf文件放到一个目录下。
		ssl_certificate_key  ssl.key;
 
		# ssl验证相关配置
		ssl_session_timeout  5m;    #缓存有效期
		ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;    #加密算法
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;    #安全链接可选的加密协议
		ssl_prefer_server_ciphers on;   #使用服务器端的首选算法


		location / {
            root   /home/ruoyi-ui/dist;
			try_files $uri $uri/ /index.html;
            index  index.html index.htm;
        }
		
		location /prod-api/ {
			proxy_set_header Host $http_host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header REMOTE-HOST $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_pass http://10.56.1.75:8080/;
		}
		
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
	
	#配置80端口重定向443端口
    server {
        listen 80;
        server_name  localhost;
		#用地址重写规则
        rewrite ^(.*)$ https://${server_name}$1 permanent;

    }

}

你可能感兴趣的:(nginx,ssl,https)