Centos Nginx SSL 配置

Nginx 配置 SSL

1.下载SSL证书

.crt 和 .key文件

2.创建和上传证书

bash 复制代码
mkdir -p /etc/nginx/cert
上传证书

3.nginx.conf配置

bash 复制代码
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    
    include /etc/nginx/conf.d/*.conf;
    
    server {
	listen 80;
        server_name baiduX.com www.baiduX.com;
        return 301 https://$server_name$request_uri;  
    }

    server {

 	listen 443 ssl;
        server_name meteor;
        # 证书配置
        ssl_certificate /etc/nginx/cert/server.crt;
        ssl_certificate_key /etc/nginx/cert/server.key;
        ssl_session_cache shared:sslcache:20m;
        ssl_session_timeout 10m;

        error_page 497 301 =307 https://$host:$server_port$request_uri;

        location / {
            root /mnt/data/meteor/html;
            index index.html index.htm;
			try_files $uri $uri/ /index.html;
        }
	   location /Galaxys/ {

			proxy_pass http://127.0.0.1:6012/Galaxys/;
			proxy_set_header X-Forwarded-Proto $scheme;
			proxy_set_header X-Forwarded-Host  $host;
			proxy_set_header X-Forwarded-Port 6012;
			proxy_set_header Host $host:6012;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "Upgrade";
			access_log off;
			client_max_body_size 1024m;
        }
		
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    server {
        listen 3461 ssl;
        server_name baudu;
        ssl_certificate /etc/nginx/cert/server.crt;
        ssl_certificate_key /etc/nginx/cert/server.key;
        ssl_session_cache shared:sslcache:20m;
        ssl_session_timeout 10m;

        location / {
            root   /mnt/data/comet/dist;
            index  index.html index.htm;
			try_files $uri $uri/ /index.html;
        }

        location /Galaxys/ {
			proxy_pass http://127.0.0.1:6905/Galaxys/;
               }
    }
    
    server {
        listen 4901 ssl;
        server_name dure;
        ssl_certificate /etc/nginx/cert/server.crt;
        ssl_certificate_key /etc/nginx/cert/server.key;
        ssl_session_cache shared:sslcache:20m;
        ssl_session_timeout 10m;

        location / {
            root   /mnt/data/stellar/dist;
            index  index.html index.htm;
            try_files $uri $uri/ /index.html;
        }

		location /Galaxys/ {
           proxy_pass https://www.uyi.com/Galaxys/;
		}
    } 

    server {
        listen 8901 ssl;
        server_name supplier;
        ssl_certificate /etc/nginx/cert/server.crt;
        ssl_certificate_key /etc/nginx/cert/server.key;
        ssl_session_cache shared:sslcache:20m;
        ssl_session_timeout 10m;

        location / {
            root   /mnt/data/supplier/dist-dev;
            index  index.html index.htm;
            try_files $uri $uri/ /index.html;
        }

		location /Galaxys/ {
           proxy_pass https://iop.com/Galaxys/;
		}
    }
    
    server {
        listen 8718 ssl;
        server_name byu;
        ssl_certificate /etc/nginx/cert/server.crt;
        ssl_certificate_key /etc/nginx/cert/server.key;
        ssl_session_cache shared:sslcache:20m;
        ssl_session_timeout 10m;

        client_max_body_size 1280m;
		proxy_read_timeout 600;

        error_page 497 301 =307 https://$host:$server_port$request_uri;

		location / {
			proxy_pass http://127.0.0.1:8010;
			proxy_set_header X-Forwarded-Proto $scheme;
			proxy_set_header X-Forwarded-Host  $host;
			proxy_set_header X-Forwarded-Port 8011;
			proxy_set_header Host $host:8011;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "Upgrade";
			access_log off;

		}
		# You may need this to prevent return 404 recursion.
		location = /404.html {
				internal;
		}
    }
}
bash 复制代码
cd /etc/nginx
service nginx restart
或
systemctl restart nginx.service
相关推荐
Bessssss2 小时前
centos权限大集合,覆盖多种权限类型,解惑权限后有“. + t s”问题!
linux·运维·centos
苹果醋32 小时前
Golang的文件加密工具
运维·vue.js·spring boot·nginx·课程设计
R-sz3 小时前
14: curl#6 - “Could not resolve host: mirrorlist.centos.org; 未知的错误“
linux·python·centos
董健正4 小时前
centos制作离线安装包
linux·运维·centos
☆凡尘清心☆5 小时前
CentOS上安装NTP并配置时间同步
linux·阿里云·centos
洛神灬殇6 小时前
彻底认识和理解探索分布式网络编程中的SSL安全通信机制
网络·分布式·ssl
m0_748238277 小时前
WebClient HTTP 请求问题处理模板(泛型响应、忽略 SSL 证书等)
网络协议·http·ssl
୧⍢⃝୨ LonelyCoder8 小时前
FreePBX修改IP地址和端口以及添加SSL证书开启HTTPS访问
tcp/ip·https·ssl
Bessssss10 小时前
centos日志管理,xiao整理
linux·运维·centos
豆是浪个10 小时前
Linux(Centos 7.6)yum源配置
linux·运维·centos