windows server下的 Nginx SSL 证书安装部署

由于 github pages 项目中使用后端服务调用只支持使用 https  协议,故需要在原来的 Nginx 服务器中安装 SSL 证书,参考了SSL 证书 Nginx 服务器 SSL 证书安装部署

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    gzip  on;
    server {
	    listen 443 ssl;
	    #填写绑定证书的域名
	    server_name chenxxx.com;
	    charset      utf-8;
	    client_max_body_size 5G; # 突破上传大文件限制
	    #证书文件名称
	    ssl_certificate  1_chenxxx.com_bundle.crt; 
	    #私钥文件名称
	    ssl_certificate_key 2_chenxxx.com.key; 
	    ssl_session_timeout 5m;
	    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
	    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	    ssl_prefer_server_ciphers on;	

        location / {
            root   html;
            index  index.html index.htm;
        }

	    location /ccblog {
            alias   html/front-project/ccblog/;
	        index   index.html;
	        try_files $uri $uri/ /front-project/ccblog/index.html;
        }

	    #后台springboot接口服务代理
	    location /api/ {
	        proxy_pass		http://127.0.0.1:3000/;
	        #后端部署上线后的地址,注意端口后面的'/'要加上,不然会404
	        proxy_set_header	X-Real-IP $remote_addr;
	        proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
	        proxy_set_header	Host $http_host;
	        proxy_set_header	X-NginX-Proxy true;
	        proxy_redirect	off;
       }

       error_page  404              /404.html;
       error_page   500 502 503 504  /50x.html;
       location = /50x.html {
            root   html;
       }
    }
    server {
	    listen 80;
	    #填写绑定证书的域名
	    server_name chenxxx.com; 
	    #把http的域名请求转成https
	    rewrite ^(.*)$ https://$host$1   permanent;
    }
}

注意点:

  • 该nginx配置中,SSL证书的位置是和nginx.conf同级目录下,如果位置不同还请自行变更
  • 证书一定要和域名相匹配
  • 配置中我使用到的是二级域名,并非三级域名或四级域名
  • 当时我还遇到过配置完后访问域名,提示404 Bad Request ,但是IP可以正常访问,找了下原因,是域名解析错误。

你可能感兴趣的:(ssl,https,nginx)