- Nginx配置ssl证书(https证书)
- 安装nginx
- Nginx 的 SSL 模块安装
- 下载Nginx 服务证书
- 配置nginx.conf
-
安装nginx
搭建服务器,安装docker-compose
https://blog.csdn.net/qq_33240556/article/details/124789530
安装docker-compose nginx
https://blog.csdn.net/qq_33240556/article/details/124890382 -
下载Nginx 服务证书
https://help.aliyun.com/zh/ssl-certificate/user-guide/submit-a-certificate-application?spm=a2c4g.11186623.0.0.37d455adPUyVK5
- 配置nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
client_max_body_size 100m;
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
#监听的端口,nginx 1.15.0及以上版本,使用listen 443 ssl代替,1.15.0以下的使用listen 443
listen 443 ssl;
server_name localhost;
charset utf-8;
# ssl证书地址
#指定pem文件所在路径,如果写相对路径,必须把该文件和nginx.conf文件放到一个目录下。
ssl_certificate ssl.pem;
#指定私钥文件key所在路径,如果写相对路径,必须把该文件和nginx.conf文件放到一个目录下。
ssl_certificate_key ssl.key;
# ssl验证相关配置
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
root /home/ruoyi-ui/dist;
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
location /prod-api/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://10.56.1.75:8080/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
#配置80端口重定向443端口
server {
listen 80;
server_name localhost;
#用地址重写规则
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
}
