Nginx 配置 SSL
1.下载SSL证书
.crt 和 .key文件
2.创建和上传证书
bash
mkdir -p /etc/nginx/cert
上传证书3.nginx.conf配置
bash
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name baiduX.com www.baiduX.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name meteor;
# 证书配置
ssl_certificate /etc/nginx/cert/server.crt;
ssl_certificate_key /etc/nginx/cert/server.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
error_page 497 301 =307 https://$host:$server_port$request_uri;
location / {
root /mnt/data/meteor/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
location /Galaxys/ {
proxy_pass http://127.0.0.1:6012/Galaxys/;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port 6012;
proxy_set_header Host $host:6012;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
access_log off;
client_max_body_size 1024m;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 3461 ssl;
server_name baudu;
ssl_certificate /etc/nginx/cert/server.crt;
ssl_certificate_key /etc/nginx/cert/server.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
location / {
root /mnt/data/comet/dist;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
location /Galaxys/ {
proxy_pass http://127.0.0.1:6905/Galaxys/;
}
}
server {
listen 4901 ssl;
server_name dure;
ssl_certificate /etc/nginx/cert/server.crt;
ssl_certificate_key /etc/nginx/cert/server.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
location / {
root /mnt/data/stellar/dist;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
location /Galaxys/ {
proxy_pass https://www.uyi.com/Galaxys/;
}
}
server {
listen 8901 ssl;
server_name supplier;
ssl_certificate /etc/nginx/cert/server.crt;
ssl_certificate_key /etc/nginx/cert/server.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
location / {
root /mnt/data/supplier/dist-dev;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
location /Galaxys/ {
proxy_pass https://iop.com/Galaxys/;
}
}
server {
listen 8718 ssl;
server_name byu;
ssl_certificate /etc/nginx/cert/server.crt;
ssl_certificate_key /etc/nginx/cert/server.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
client_max_body_size 1280m;
proxy_read_timeout 600;
error_page 497 301 =307 https://$host:$server_port$request_uri;
location / {
proxy_pass http://127.0.0.1:8010;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port 8011;
proxy_set_header Host $host:8011;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
access_log off;
}
# You may need this to prevent return 404 recursion.
location = /404.html {
internal;
}
}
}
bash
cd /etc/nginx
service nginx restart
或
systemctl restart nginx.service