下面我们通过配置nginx来开启https访问
1、ssl证书申请可以在阿里云上申请一个免费的
需要在域名解析上加上解析值,阿里云会自动添加的。
2、申请完后下载证书放到nginx上
/usr/local/nginx/cert/www.suibibk.com.pem;/usr/local/nginx/cert/www.suibibk.com.key;
3、nginx的配置文件如下所示,这样就配置好了
ssl_certificate /usr/local/nginx/cert/www.suibibk.com.pem;ssl_certificate_key /usr/local/nginx/cert/www.suibibk.com.key;
4、如下nginx配置文件
user root;worker_processes 1;#error_log logs/error.log;#error_log logs/error.log notice;#error_log logs/error.log info;#pid logs/nginx.pid;events {worker_connections 1024;}http {include mime.types;default_type application/octet-stream;#log_format main '$remote_addr - $remote_user [$time_local] "$request" '# '$status $body_bytes_sent "$http_referer" '# '"$http_user_agent" "$http_x_forwarded_for"';#access_log logs/access.log main;sendfile on;#tcp_nopush on;#keepalive_timeout 0;keepalive_timeout 65;#gzip on;#1、博客首页server {listen 80;server_name www.suibibk.com suibibk.com;rewrite ^(.*)$ https://$host$1 permanent;}#1、博客首页server {listen 443;server_name www.suibibk.com suibibk.com;#这个是防止登录用suibibk.com,然后访问用www.suibibk.com,然后session不一致if ( $host = 'suibibk.com' ){rewrite ^(.*)$ https://www.suibibk.com$1 permanent;}ssl on;client_max_body_size 1536m;root html;index index.html index.htm;ssl_certificate /usr/local/nginx/cert/www.suibibk.com.pem;ssl_certificate_key /usr/local/nginx/cert/www.suibibk.com.key;ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;location /fileupload {root /home/itweb/data/;index index.html index.htm;}location / {proxy_pass http://127.0.0.1:8080;proxy_http_version 1.1;proxy_set_header Upgrade $http_upgrade;proxy_set_header Connection "upgrade";proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto https;proxy_next_upstream off;proxy_connect_timeout 30;proxy_read_timeout 1800;proxy_send_timeout 300;}}}
