1. 查找nginx 的安装位置:
root@VERDE-SICC-APPLICATION1:/# find / -name 'nginx'
/home/apache/blueview-tomcat/webapps/ROOT/static/vendor/editormd/lib/codemirror/mode/nginx
/etc/default/nginx
/etc/nginx
/etc/logrotate.d/nginx
/etc/init.d/nginx
/etc/ufw/applications.d/nginx
/var/lib/nginx
/var/log/nginx
/usr/lib/nginx
/usr/sbin/nginx
/usr/share/nginx
/usr/share/doc/nginx
root@VERDE-SICC-APPLICATION1:/# find / -name 'nginx.conf'
/etc/nginx/nginx.conf
2. 上传证书:
root@VERDE-SICC-APPLICATION1:/etc/nginx# ls
conf.d fastcgi_params koi-win modules-available nginx.conf scgi_params sites-enabled uwsgi_params
fastcgi.conf koi-utf mime.types modules-enabled proxy_params sites-available snippets win-utf
root@VERDE-SICC-APPLICATION1:/etc/nginx# mkdir cert
root@VERDE-SICC-APPLICATION1:/etc/nginx# rz
ZMODEM Session started e50
------------------------
Sent 8444101_cloud.hnverde.com_nginx.zip
root@VERDE-SICC-APPLICATION1:/etc/nginx# ls
8444101_cloud.hnverde.com_nginx.zip conf.d fastcgi_params koi-win modules-available nginx.conf scgi_params sites-enabled uwsgi_params
cert fastcgi.conf koi-utf mime.types modules-enabled proxy_params sites-available snippets win-utf
root@VERDE-SICC-APPLICATION1:/etc/nginx#
3. 移动证书到 cert 文件夹并解压(解压出的 .key 是私钥,建议 chmod 600 使其仅 root 可读;确认无误后删除 zip 包,避免私钥多留一份副本)
root@VERDE-SICC-APPLICATION1:/etc/nginx# mv 8444101_cloud.hnverde.com_nginx.zip cert
root@VERDE-SICC-APPLICATION1:/etc/nginx# ls
cert fastcgi.conf koi-utf mime.types modules-enabled proxy_params sites-available snippets win-utf
conf.d fastcgi_params koi-win modules-available nginx.conf scgi_params sites-enabled uwsgi_params
root@VERDE-SICC-APPLICATION1:/etc/nginx# cd cert
root@VERDE-SICC-APPLICATION1:/etc/nginx/cert# ls
8444101_cloud.hnverde.com_nginx.zip
root@VERDE-SICC-APPLICATION1:/etc/nginx/cert# unzip 8444101_cloud.hnverde.com_nginx.zip
Archive: 8444101_cloud.hnverde.com_nginx.zip
Aliyun Certificate Download
inflating: 8444101_cloud.hnverde.com.pem
inflating: 8444101_cloud.hnverde.com.key
root@VERDE-SICC-APPLICATION1:/etc/nginx/cert# ls
8444101_cloud.hnverde.com.key 8444101_cloud.hnverde.com_nginx.zip 8444101_cloud.hnverde.com.pem
4. 配置
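# HTTPS virtual host for cloud.hnverde.com: terminates TLS and hands every
# request to the plain-HTTP site of the same name.
server {
    listen 443 ssl;
    server_name cloud.hnverde.com;
    root /usr/share/nginx/html;
    index index.html index.htm;

    # Relative paths; the transcript above places both files in /etc/nginx/cert.
    ssl_certificate cert/8444101_cloud.hnverde.com.pem;
    ssl_certificate_key cert/8444101_cloud.hnverde.com.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
    # Append TLSv1.3 once the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only; the earlier ECDHE:ECDH:AES:HIGH string
    # also admitted CBC suites and suites without forward secrecy.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    location / {
        # proxy_pass is the content handler for this location, so the root
        # and index lines only matter if the proxy_pass is removed.
        root /usr/share/nginx/html;
        # NOTE(review): the upstream is this same host name over plain HTTP;
        # confirm the port-80 site does not redirect back to HTTPS.
        proxy_pass http://cloud.hnverde.com;
        index index.html index.htm;
    }

    # Static-asset extensions. The dot is escaped so that only a literal
    # ".ext" suffix matches, not any character followed by the extension.
    location ~ \.(jpg|jpeg|gif|png|swf|rar|zip|css|js)$ {
        proxy_pass http://cloud.hnverde.com;
    }
}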
5. 完整nginx.conf 配置
user www-data;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http{
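# Single virtual host answering both plain HTTP (80) and HTTPS (443).
server {
    listen 80;
    listen 443 ssl;
    server_name cloud.hnverde.com;
    root /usr/share/nginx/html;
    index index.html index.htm;

    location / {
        root /usr/share/nginx/html;
        try_files $uri $uri/ @router;
        index index.html;
    }

    # NOTE(review): the pattern has no capture group, so $1 is empty and every
    # fallback is redirected to the HTTPS site root instead of the requested
    # path. Files that do exist are still served over plain HTTP, because this
    # server listens on port 80 as well as 443.
    location @router {
        rewrite ^.*$ https://$host$1;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }

    ##
    # Basic Settings
    ##
    sendfile off;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##
    ssl_certificate cert/8444101_cloud.hnverde.com.pem;
    ssl_certificate_key cert/8444101_cloud.hnverde.com.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
    # Append TLSv1.3 once the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only; the earlier ECDHE:ECDH:AES:HIGH string
    # also admitted CBC suites and suites without forward secrecy.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##
    #include /etc/nginx/conf.d/*.conf;
    #include /etc/nginx/sites-enabled/*;
}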
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
6. 前端可以了,但是后台还不是 https 的,所以浏览器显示跨域问题(HTTPS 页面去请求 HTTP 接口,会被浏览器当作混合内容拦截)
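# Check the configuration syntax first and reload only if the check passes,
# so a typo in nginx.conf is reported instead of being sent to the running server.
nginx -t && nginx -s reload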
7. 后台以转发方式完成,配置如下
nginx.conf 配置
user www-data;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http{
#server{
# listen 80;
# server_name cloud.****.com;
# location / {
# root /usr/share/nginx/html;
# try_files $uri $uri/ @router;
# index index.html;
# }
#}
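# Port 80 serves no content; it only redirects to HTTPS.
server {
    listen 80;
    # Fill in the domain name the certificate is bound to.
    server_name cloud.***.com;
    # Redirect every HTTP request to HTTPS. $server_name is used rather than
    # $host so the redirect target is the configured name and cannot be chosen
    # through a client-supplied Host header.
    return 301 https://$server_name$request_uri;
}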
##
# Basic Settings
##
sendfile off;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
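# HTTPS virtual host: serves the static front end and proxies /api to the backend.
server {
    ##
    # SSL Settings
    ##
    listen 443 ssl;
    server_name cloud.hnverde.com;
    root /usr/share/nginx/html;
    index index.html index.htm;
    ssl_certificate cert/8444101_cloud.***.com.pem;
    ssl_certificate_key cert/8444101_cloud.****.com.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
    # Append TLSv1.3 once the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only; the earlier ECDHE:ECDH:AES:HIGH string
    # also admitted CBC suites and suites without forward secrecy.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    location / {
        # Site document root. This path is only an example; use your real directory.
        # For instance, if the site lives in /etc/www on the nginx server,
        # change the root below to /etc/www.
        root /usr/share/nginx/html;
        index index.html index.htm;
    }

    # Backend API.
    # NOTE(review): the original note reads "backend API on this host, port
    # 9999; the port must match the one in the yaml file", but the directive
    # targets port 6557 over plain HTTP. If the backend runs on this host,
    # bind it to loopback and firewall the port so it is reachable only
    # through this TLS front end — confirm against the backend's yaml.
    location /api {
        proxy_pass http://120.77.**.**:6557/api;
        # $proxy_add_x_forwarded_for appends to any X-Forwarded-For the client
        # sent, so the backend must not trust the leading entries; X-Real-IP
        # carries the address nginx itself saw.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##
    #include /etc/nginx/conf.d/*.conf;
    #include /etc/nginx/sites-enabled/*;
}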
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
8. 访问地址(证书是签发给域名 cloud.hnverde.com 的,直接用 IP 访问时浏览器会提示证书名称不匹配,正式使用请通过域名访问):
https://120...195:443/api/Login/GetCode
9. 同理,server.js 里面配置也要变:
10. 补充,项目图片放在Data目录下,所以要在 nginx.conf 加入
# Proxies requests under /Data to the backend, where the project keeps its images.
location /Data { # fetch backend images
# Original note: "backend API on this host, port 9999; the port must match the one in the yaml file".
# NOTE(review): the directive below targets port 6557, not 9999 — confirm which port the yaml file uses.
proxy_pass http://120.77.144.195:6557/Data;
# $proxy_add_x_forwarded_for appends the connecting address to any X-Forwarded-For the client sent.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
// 同理
# Proxies requests under /Log to the backend.
# NOTE(review): this publishes the backend's /Log path on the public site and no
# access control is visible in this snippet — confirm the backend authenticates it.
location /Log { # backend endpoint
# Original note: "backend API on this host, port 9999; the port must match the one in the yaml file".
# NOTE(review): the directive below targets port 6557, not 9999 — confirm which port the yaml file uses.
proxy_pass http://120.77.144.195:6557/Log;
# $proxy_add_x_forwarded_for appends the connecting address to any X-Forwarded-For the client sent.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Proxies requests under /DownLoad to the backend.
location /DownLoad { # backend endpoint
# Same upstream and the same port note as the /Log location above.
proxy_pass http://120.77.144.195:6557/DownLoad;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
- 部分页面 Data 下面的图片单独访问没问题,在页面中访问就会跨域(调用腾讯地图,并替换底图的图片),修改如下
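# Proxies /Data to the backend and answers CORS for allow-listed origins only.
location /Data {
    # The Origin request header is client-controlled. Echoing it back together
    # with Access-Control-Allow-Credentials: true lets any website read these
    # responses with the visitor's cookies, so the two headers are filled in
    # only for origins listed here. Add one "if" block per extra trusted origin.
    set $cors_origin "";
    set $cors_credentials "";
    if ($http_origin = "https://cloud.hnverde.com") {
        set $cors_origin $http_origin;
        set $cors_credentials "true";
    }
    # add_header emits nothing when the value is empty, so other origins get
    # no Allow-Origin / Allow-Credentials header at all.
    add_header 'Access-Control-Allow-Origin' $cors_origin always;
    add_header 'Access-Control-Allow-Credentials' $cors_credentials always;
    # The response depends on Origin, so caches must key on it.
    add_header 'Vary' 'Origin' always;
    add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
    # "If-Modified-Since" had a stray space inside the header name.
    add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;

    # Backend endpoint. The original note reads "backend API on this host,
    # port 9999; the port must match the one in the yaml file", but the
    # directive targets port 6557 — confirm which port the yaml file uses.
    proxy_pass http://120.77.144.195:6557/Data;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}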
- 完整的 nginx.conf 如下:
root@VERDE-SICC-APPLICATION1:~# cat /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http{
#server{
# listen 80;
# server_name cloud.hnverde.com;
# location / {
# root /usr/share/nginx/html;
# try_files $uri $uri/ @router;
# index index.html;
# }
#}
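# Port 80 serves no content; it only redirects to HTTPS.
server {
    listen 80;
    # Fill in the domain name the certificate is bound to.
    server_name cloud.hnverde.com;
    # Redirect every HTTP request to HTTPS. $server_name is used rather than
    # $host so the redirect target is the configured name and cannot be chosen
    # through a client-supplied Host header.
    return 301 https://$server_name$request_uri;
}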
##
# Basic Settings
##
sendfile off;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
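# HTTPS virtual host: serves the static front end and proxies the backend paths.
server {
    ##
    # SSL Settings
    ##
    listen 443 ssl;
    server_name cloud.hnverde.com;
    root /usr/share/nginx/html;
    index index.html index.htm;
    ssl_certificate cert/8444101_cloud.hnverde.com.pem;
    ssl_certificate_key cert/8444101_cloud.hnverde.com.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
    # Append TLSv1.3 once the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only; the earlier ECDHE:ECDH:AES:HIGH string
    # also admitted CBC suites and suites without forward secrecy.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    location / {
        # Site document root. This path is only an example; use your real directory.
        # For instance, if the site lives in /etc/www on the nginx server,
        # change the root below to /etc/www.
        root /usr/share/nginx/html;
        index index.html index.htm;
    }

    # Backend paths. The original note on each proxy_pass reads "backend API on
    # this host, port 9999; the port must match the one in the yaml file".
    # NOTE(review): the directives target port 6557 on a public address over
    # plain HTTP. If the backend runs on this host, bind it to loopback and
    # firewall the port so it is reachable only through this TLS front end.
    location /api {
        proxy_pass http://120.77.144.195:6557/api;
        # $proxy_add_x_forwarded_for appends to any X-Forwarded-For the client
        # sent, so the backend must not trust the leading entries; X-Real-IP
        # carries the address nginx itself saw.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location /Data {
        proxy_pass http://120.77.144.195:6557/Data;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # NOTE(review): this publishes the backend's /Log path on the public site
    # and no access control is visible in this file — confirm the backend
    # authenticates it.
    location /Log {
        proxy_pass http://120.77.144.195:6557/Log;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location /DownLoad {
        proxy_pass http://120.77.144.195:6557/DownLoad;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##
    #include /etc/nginx/conf.d/*.conf;
    #include /etc/nginx/sites-enabled/*;
}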
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
11. 上传限制
- nginx.conf 加入如下配置
# Upload limits added to nginx.conf.
# NOTE(review): when placed at http level, as in the full listing that follows, the
# 2000M ceiling applies to every location, so any client may send bodies of that size
# to any path. Consider setting it only on the location that accepts uploads.
client_max_body_size 2000M; # maximum size allowed for a single client request body
client_body_buffer_size 128k; # buffer size used for reading the client request body
# No fastcgi_pass appears in the listings on this page, so this line has no visible effect here.
fastcgi_intercept_errors on;
- nginx.conf 完整配置如下:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http{
#server{
# listen 80;
# server_name cloud.hnverde.com;
# location / {
# root /usr/share/nginx/html;
# try_files $uri $uri/ @router;
# index index.html;
# }
#}
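# Port 80 serves no content; it only redirects to HTTPS.
server {
    listen 80;
    # Fill in the domain name the certificate is bound to.
    server_name cloud.hnverde.com;
    # Redirect every HTTP request to HTTPS. $server_name is used rather than
    # $host so the redirect target is the configured name and cannot be chosen
    # through a client-supplied Host header.
    return 301 https://$server_name$request_uri;
}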
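##
# Basic Settings
##
# Maximum size allowed for a single client request body.
# NOTE(review): at http level this 2000M ceiling applies to every location,
# so any client may send bodies of that size to any path. Consider setting
# it only on the location that accepts uploads.
client_max_body_size 2000M;
# Buffer size used for reading the client request body.
client_body_buffer_size 128k;
# No fastcgi_pass appears in this file, so this line has no visible effect here.
fastcgi_intercept_errors on;
sendfile off;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Enabled: keeps the nginx version out of the Server header and error pages.
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;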
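# HTTPS virtual host: serves the static front end and proxies the backend paths.
server {
    ##
    # SSL Settings
    ##
    listen 443 ssl;
    server_name cloud.hnverde.com;
    root /usr/share/nginx/html;
    index index.html index.htm;
    ssl_certificate cert/8444101_cloud.hnverde.com.pem;
    ssl_certificate_key cert/8444101_cloud.hnverde.com.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
    # Append TLSv1.3 once the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only; the earlier ECDHE:ECDH:AES:HIGH string
    # also admitted CBC suites and suites without forward secrecy.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
    # Optional once every visitor path works over HTTPS:
    # add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Site document root. This path is only an example; use your real directory.
        # For instance, if the site lives in /etc/www on the nginx server,
        # change the root below to /etc/www.
        root /usr/share/nginx/html;
        index index.html index.htm;
    }

    # Backend paths. The original note on each proxy_pass reads "backend API on
    # this host, port 9999; the port must match the one in the yaml file".
    # NOTE(review): the directives target port 6557 on a public address over
    # plain HTTP. If the backend runs on this host, bind it to loopback and
    # firewall the port so it is reachable only through this TLS front end.
    location /api {
        proxy_pass http://120.77.144.195:6557/api;
        # $proxy_add_x_forwarded_for appends to any X-Forwarded-For the client
        # sent, so the backend must not trust the leading entries; X-Real-IP
        # carries the address nginx itself saw.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location /Data {
        # The Origin request header is client-controlled. Echoing it back
        # together with Access-Control-Allow-Credentials: true lets any
        # website read these responses with the visitor's cookies, so the two
        # headers are filled in only for origins listed here. Add one "if"
        # block per extra trusted origin.
        set $cors_origin "";
        set $cors_credentials "";
        if ($http_origin = "https://cloud.hnverde.com") {
            set $cors_origin $http_origin;
            set $cors_credentials "true";
        }
        # add_header emits nothing when the value is empty, so other origins
        # get no Allow-Origin / Allow-Credentials header at all.
        add_header 'Access-Control-Allow-Origin' $cors_origin always;
        add_header 'Access-Control-Allow-Credentials' $cors_credentials always;
        # The response depends on Origin, so caches must key on it.
        add_header 'Vary' 'Origin' always;
        add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
        # "If-Modified-Since" had a stray space inside the header name.
        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
        proxy_pass http://120.77.144.195:6557/Data;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # NOTE(review): this publishes the backend's /Log path on the public site
    # and no access control is visible in this file — confirm the backend
    # authenticates it.
    location /Log {
        proxy_pass http://120.77.144.195:6557/Log;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location /DownLoad {
        proxy_pass http://120.77.144.195:6557/DownLoad;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##
    #include /etc/nginx/conf.d/*.conf;
    #include /etc/nginx/sites-enabled/*;
}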
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}