请叫我小C
2019-03-26 08:56:53
Nginx配置SSL证书,实现https访问
上一篇写了SpringBoot如何配置的SSL,今天写Nginx配置SSL。
首先查看Nginx是否支持ssl,如果不支持,则需要重新编译加装SSL模块。
步骤一:查看是否支持SSL,输入如下命令
./nginx -t
反馈信息中如果有如下信息说明已经安装SSL模块
(安装SSL模块可以执行如下命令)
./configure --prefix=/usr/local/nginx--with-http_stub_status_module --with-http_ssl_module --with-file-aio --with-http_realip_module
在执行make命令,重复执行步骤一验证。直至验证通过,那么恭喜已经安装好了SSL模块。
步骤二:上传ssl证书,一般上传到etc/ssl目录下即可
步骤三:编辑nginx.conf文件,http{}里编辑
upstream blogserver{
ip_hash; #session
server 172.16.0.4:8080 weight=1;
server 172.16.0.4:8081 weight=2;
}
server {
listen 443;
server_name suwanru.cn;
ssl on;
ssl_certificate /etc/ssl/1959105_www.suwanru.cn.pem;
ssl_certificate_key /etc/ssl/1959105_www.suwanru.cn.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_pass http://blogserver;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server{
listen 80;
server_name 106.13.53.27;
rewrite ^/(.*)$ https://suwanru.cn:443/$1 permanent;
}
上面一段代码监听80端口是因为需要所有访问80端口的数据需要转发到443端口,上面这段代码就是这个用处
步骤四:sbin目录下执行 ./nginx -t 验证文件是否通过,通过后启动nginx,即可实现https访问。
最近浏览
