Preface

HTTPS is a good thing to set up. When working with proxies, it is best to test over HTTPS. If you want a free certificate, click me

1. Certificate upload

You can upload the certificate directly with the FinalShell tool. The certificate is stored in the following directory: /etc/ssl/certs

2. Configure HTTP redirection to HTTPS

Go to the configuration directory:

cd /usr/local/nginx/conf/

Edit the configuration file:

vi nginx.conf

Find the server block that listens on port 80 and add a redirect to HTTPS:

server {
    listen 80;
    server_name localhost;
    #charset koi8-r;
    #access_log logs/host.access.log main;
    rewrite ^(.*)$ https://$host$1 permanent;
    location / {
        root html;
        index index.html index.htm;
    }
    # rest of the block omitted
}

After adding it, find the comment "# HTTPS server". Uncomment the server block that follows it, then change the SSL certificate paths:

# earlier blocks omitted
# HTTPS server
server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate /etc/ssl/certs/4489861_www.lolku.cn.pem;
    ssl_certificate_key /etc/ssl/certs/4489861_www.lolku.cn.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}

3. Restart the configuration

Reload nginx; after that, the page can be accessed:

/usr/local/nginx/sbin/nginx -s reload

4. HTTPS proxy for a subdomain

The previous sections cover HTTPS for the main domain. This section describes how to serve a subdomain over HTTPS, building on an existing HTTP subdomain proxy. The approach is the same: add a new server block for the subdomain after the existing one and put the proxy settings inside it. For example:

worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name localhost;
        rewrite ^(.*)$ https://$host$1 permanent;
        location / {
            root html;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    server {
        listen 80; # port
        server_name api.xxx.cn;
        rewrite ^(.*)$ https://$host$1 permanent;
        location / {
            proxy_pass http://localhost:3000; # proxy target
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
    #
    # HTTPS server
    #
    server {
        listen 443 ssl;
        server_name localhost;
        ssl_certificate /etc/ssl/certs/xxxxx.pem;
        ssl_certificate_key /etc/ssl/certs/xxxxx.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            root html;
            index index.html index.htm;
        }
    }
    server {
        listen 443 ssl;
        server_name api.xxx.cn;
        ssl_certificate /etc/ssl/certs/xxxxxx.pem;
        ssl_certificate_key /etc/ssl/certs/xxxxxx.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass http://localhost:3000; # proxy target
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
}

5. Access

Accessing xxx.cn works, but api.xxx.cn reports a danger warning because the address in the proxy's proxy_pass http://localhost:3000; is HTTP, not HTTPS, so there is a problem. Solution: change http://localhost:3000 to https://localhost:3000 or change xxx.cn to 3000

6. Restart the configuration

Note: every configuration change requires a restart:

/usr/local/nginx/sbin/nginx -s reload
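
An added example, not part of the original post: a Python check that reads an nginx configuration and reports any hostname where the two halves of the setup in sections 2 and 4 do not line up (a port-80 server without the HTTPS redirect, a redirect with no matching 443 ssl server, or a 443 server missing its certificate or key). The parser is deliberately simplified (no include files, no quoted braces), and the hostnames and file names in SAMPLE are constructed.

```python
import re

SAMPLE = """# Constructed sample in the shape of the config above; hostnames are placeholders.
http {
  server { listen 80; server_name example.test;
           rewrite ^(.*)$ https://$host$1 permanent; }
  server { listen 80; server_name api.example.test;      # redirect forgotten
           location / { proxy_pass http://localhost:3000; } }
  server { listen 80; server_name old.example.test;      # no 443 server exists
           rewrite ^(.*)$ https://$host$1 permanent; }
  server { listen 443 ssl; server_name example.test;
           ssl_certificate /etc/ssl/certs/a.pem; ssl_certificate_key /etc/ssl/certs/a.key; }
  server { listen 443 ssl; server_name api.example.test; # key forgotten
           ssl_certificate /etc/ssl/certs/b.pem; }
}
"""

def server_blocks(conf):
    """One {directive: [args]} dict per server block; nested blocks are skipped."""
    blocks, stack, stmt = [], [], ""
    for tok in re.findall(r"[{};]|[^{};]+", re.sub(r"#[^\n]*", "", conf)):
        words = stmt.split()
        if tok == "{":
            stack.append({} if words[:1] == ["server"] else None)
        elif tok == "}" and stack and (done := stack.pop()) is not None:
            blocks.append(done)
        elif tok == ";" and words and stack and stack[-1] is not None:
            stack[-1].setdefault(words[0], []).append(" ".join(words[1:]))
        stmt = "" if tok in ("{", "}", ";") else tok
    return blocks

def findings(conf):
    """Report hosts whose port-80 redirect or 443 ssl server is incomplete."""
    out, plain, tls = [], {}, set()
    for b in server_blocks(conf):
        hosts = " ".join(b.get("server_name", ["(default)"])).split()
        if any("ssl" in arg.split() for arg in b.get("listen", [])):
            tls.update(hosts)
            out += [f"{h}: 443 server lacks {d}" for h in hosts
                    for d in ("ssl_certificate", "ssl_certificate_key") if d not in b]
        else:  # no ssl flag (or no listen at all): plain HTTP
            moved = b.get("rewrite", []) + b.get("return", [])
            plain.update({h: any("https://" in a for a in moved) for h in hosts})
    out += [f"{h}: port 80 does not redirect to HTTPS" for h, ok in plain.items() if not ok]
    out += [f"{h}: redirects to HTTPS but has no 443 ssl server"
            for h, ok in plain.items() if ok and h not in tls]
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```

nginx -t validates the syntax of the file but does not flag a host that is missing its redirect or its 443 block, so a check of this kind is useful before the reload.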

Original address: https://lolku.cn/web/details/posts/39