Nginx配置HTTTPS

511人浏览 / 0人评论

1.先安装nginx

2.使用acme.sh https://github.com/Neilpang/acme.sh 获取https证书

注意:获取证书时要在nginx先配置网站根节点,acme.sh自动获取letsen证书时,会自动校验网站域名合法性

nginx.conf 配置文件

worker_processes  1;
 
events {
    worker_connections  1024;
}
 
http {
    include       mime.types;
    default_type  application/octet-stream;
 
    sendfile        on;
    keepalive_timeout  65;
	
    proxy_cache_path /usr/local/nginx/temp levels=1:2 keys_zone=my_cache:10m;
  
     upstream mysvr {
      #weigth参数表示权值,权值越高被分配到的几率越大   
      #1.down 表示单前的server暂时不参与负载
      #2.weight 默认为1.weight越大,负载的权重就越大。     
      #3.backup: 其它所有的非backup机器down或者忙的时候,请求backup机器。所以这台机器压力会最轻。  
      #server 192.168.1.116  down;
      #server 192.168.1.116  backup;
      server 47.107.149.134:8080;
    }
    server {
        listen       80;
        server_name  47.107.149.134;
	rewrite ^(.*)$  https://$host$1 permanent; 
 
        location / {
            proxy_cache my_cache;
	    proxy_pass http://mysvr;
	    proxy_set_header Host $host; 
	    proxy_set_header Cookie $http_cookie;
	    proxy_set_header X-Real-IP $remote_addr; 
	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	    proxy_connect_timeout 600;
 	    proxy_read_timeout 600;
 	    proxy_send_timeout 600; 
	}
    }
 
    server {
         listen       443 ssl;
        server_name  mfshi.com;
	ssl_certificate   /usr/local/nginx/ssl_cert/mfshi.com/mfshi.com.cer;
        ssl_certificate_key  /usr/local/nginx/ssl_cert/mfshi.com/mfshi.com.key;

        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  5m;
        #ssl_server_tokens off;
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers  on;

        location / {
            proxy_pass http://127.0.0.1:8080; #映射到本地的8080端口。
            proxy_redirect off;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }  
    }
}

 

支付宝扫码打赏 微信打赏

如果文章对您有帮助,欢迎移至上方按钮打赏,非常感谢你的支持!

全部评论