nginx监听443配置https证书



解压缩下载好的证书(证书一般是pem文件和key文件,这里名字可以随便改)

将下载好的证书上传到服务器,我将证书放在了

/home/ubuntu/cert

文件夹中,配置中引用证书时可以写全路径

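http {
  include       mime.types;
  default_type  application/octet-stream;
  sendfile        on;
  keepalive_timeout  65;


  # HTTPS virtual host: terminates TLS on port 443 and proxies every request
  # to the backend application.
  server {
    # Listen on 443 with TLS enabled on both the IPv4 and the IPv6 socket.
    # The "ssl" parameter on each listen line replaces the old "ssl on;"
    # directive, which is deprecated since nginx 1.15.0 and rejected by
    # current releases. (On nginx 1.25.1+ the "http2" listen parameter is
    # itself deprecated in favour of a separate "http2 on;" directive.)
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    # Your domain name
    server_name xxx.xxx.xxx; 
    # Path to the certificate (.pem) file
    ssl_certificate  /home/ubuntu/cert/huiblog.top.pem;
    # Path to the private key (.key) file. It lives under a user's home
    # directory here, so make sure other accounts cannot read it (for example
    # owner root, mode 600; the nginx master process normally reads it as root).
    ssl_certificate_key /home/ubuntu/cert/huiblog.top.key;

    # NOTE(review): the "main" log format is not defined anywhere in this
    # listing; it must be declared with log_format in the http block,
    # otherwise "nginx -t" rejects the configuration.
    access_log  /var/log/nginx/pay-access.log main;
    
    # Forward every request URL to the backend
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tell the backend the original scheme so it can build https URLs
        # and mark cookies Secure.
        proxy_set_header X-Forwarded-Proto $scheme;
        # This hop is plain HTTP. If the backend runs on the same host or in
        # the same private network, point this at 127.0.0.1 or the private
        # address instead of the public one, and do not open the backend port
        # in the security group; otherwise the application stays reachable
        # without TLS.
        proxy_pass  http://公网地址:项目端口号;
    }
  }
  
  # Plain-HTTP virtual host on port 80. As written it proxies requests
  # unencrypted instead of redirecting them to HTTPS.
  server {
    listen 80;
    listen       [::]:80;
    server_name  xxx.xxx.xxx;
    access_log  /var/log/nginx/xx-access.log main;
    
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://xxx.xxx.xxx.xxx:9999;
    }

    # To send all HTTP traffic to HTTPS, replace the location block above
    # with a redirect:
    #return 301 https://$host$request_uri;
  }
}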



注意:这里需要在安全组中开放443端口.



或者直接在前面

http

模块下配置证书,对所有的

server

都生效

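http {

    ##
    # Basic Settings
    ##

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    # Uncomment to stop advertising the nginx version in the Server header
    # and on error pages.
    # server_tokens       off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    ##
    # SSL Settings
    ##

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered here.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; on an older
    # build keep only TLSv1.2.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout  10m;
    # Explicit forward-secret AEAD suites for TLS 1.2. The previous string
    # pulled in whole groups (ECDH, AES, HIGH), which also enables CBC-mode
    # and static-key-exchange suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # A certificate and key set at http level are inherited by every server
    # block that does not set its own. A server still needs "ssl" on its
    # listen line to serve TLS, and the certificate has to cover the
    # server_name of each server that uses it. Keep the key file readable
    # only by root.
    ssl_certificate "/etc/nginx/cert/xxx__xxx.cn.pem";
    ssl_certificate_key "/etc/nginx/cert/xxx__xxx.cn.key";

    ##
    # Logging Settings
    ##

    # Access-log format "main": client address, user, time, request line,
    # status, bytes sent, referer, user agent, X-Forwarded-For, then request
    # time, upstream response time and the pipelining flag.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
      '$status $body_bytes_sent "$http_referer" '
      '"$http_user_agent" "$http_x_forwarded_for" '
      '$request_time $upstream_response_time $pipe';

    access_log  /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    # NOTE(review): compressing HTTPS responses that mix secrets with
    # request-controlled content is the precondition for BREACH; consider
    # turning gzip off for such dynamic responses.
    gzip on;



    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/xx-enabled/*;

}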



版权声明:本文为weixin_43944305原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。