記錄一次將服務由http轉成https時遇到的nginx配置問題,nginx的一些基礎配置就不在這裡說明了。
使用了nginx的gzip壓縮功能,用於提升用戶訪問前端頁面的速度:
# Top-level http context: MIME types, the "main" access-log format, keep-alive,
# gzip compression and the request-body size limit. The rest of the block is elided in the article.
http {
include mime.types;
default_type application/octet-stream;
# "main" log format: client address, user, time, request line, status, bytes sent,
# referer, user agent and the X-Forwarded-For header as sent by the client.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
# Compress front-end pages to speed up user access
# NOTE(review): gzip set at http level applies to every server block in this context unless
# overridden, including the TLS ones. Compressing HTTPS responses that carry a secret
# (session or CSRF token) together with request-reflected data is the precondition for
# BREACH-style compression side channels - confirm which responses match gzip_types,
# or set "gzip off" in the locations that return such responses.
gzip on;
# Number and size of the compression buffers
gzip_buffers 4 16k;
# Compression level; the author notes the official site recommends 6
gzip_comp_level 6;
# MIME types to compress (text/html is always compressed when gzip is on)
gzip_types text/plain application/javascript text/css application/xml text/javascript application/x-httpd-php;
# Largest request body nginx accepts (50 MB); bigger requests are rejected with 413.
client_max_body_size 50m;
……
代理前端:
前端使用https的默認埠443,將443埠轉發到前端埠8080。
證書需要放到服務器上,這裡我將證書放到了/opt/nginx/conf/certs/目錄下:
# Front-end HTTPS entry point: terminates TLS on port 443 and proxies every request
# to the front-end service on port 8080.
# NOTE(review): no port-80 redirect or Strict-Transport-Security header is visible in this block.
server {
# Default HTTPS port 443
listen 443 default ssl;
# Domain name (placeholder in the article)
server_name 域名;
# Certificates: one RSA pair, then an SM2 signing pair and an SM2 encryption pair.
# NOTE(review): the SM2 pairs and the ECC-SM4-SM3 suite presumably need an nginx/OpenSSL
# build with SM2/SM3/SM4 support - confirm against the build in use.
# NOTE(review): keep the .key files readable only by the account that starts nginx
# (e.g. mode 600) and outside any directory served as a web root.
ssl_certificate /opt/nginx/conf/certs/_.域名_bundle.crt;
ssl_certificate_key /opt/nginx/conf/certs/域名_RSA.域名_RSA.key;
ssl_certificate /opt/nginx/conf/certs/_.域名_sm2_sign_bundle.crt;
ssl_certificate_key /opt/nginx/conf/certs/域名_SM2.域名_SM2.key;
ssl_certificate /opt/nginx/conf/certs/_.域名_sm2_encrypt_bundle.crt;
ssl_certificate_key /opt/nginx/conf/certs/域名_SM2.域名_SM2.key;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). Restrict to TLSv1.2 (plus
# TLSv1.3 where the build supports it) once you have checked that the SM2 handshake of
# this build does not depend on the older protocol flags.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# NOTE(review): MEDIUM admits suites that OpenSSL ranks below HIGH; consider dropping it
# and re-testing with the clients that must be supported.
ssl_ciphers ECC-SM4-SM3:ECDH:AESGCM:HIGH:MEDIUM:!RC4:!DH:!MD5:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
# Front-end access log, written in the "main" format
access_log logs/access_qd.log main;
# Forward port 443 to the front-end port 8080
location / {
# The upstream receives Host as "<requested host>:8080"
proxy_set_header Host $host:8080;
proxy_set_header X-Real-IP $remote_addr;
# Appends the connecting address to whatever X-Forwarded-For the client sent.
# NOTE(review): earlier entries in that header are client-controlled; the upstream should
# rely on X-Real-IP or only on the last hop for logging, rate limiting and access decisions.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# "ip" is a placeholder. NOTE(review): this hop is plain HTTP, so it should stay on
# loopback or a trusted network segment.
proxy_pass http://ip:8080;
}
# Serve a static page for upstream/server errors
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
配置後端:
後端使用8082埠進行代理,將8082埠轉發到後端埠8081。
因為我的服務用到了websocket,需要對websocket進行單獨代理,否則連接不上:
# Back-end HTTPS entry point: terminates TLS on port 8082 and proxies to the back-end
# service on port 8081, with a separate location for WebSocket upgrades.
server {
# Port on which nginx proxies the back end
listen 8082 ssl;
# Domain name (placeholder in the article)
server_name 域名;
# Certificates: one RSA pair, then an SM2 signing pair and an SM2 encryption pair.
# NOTE(review): the SM2 pairs and the ECC-SM4-SM3 suite presumably need an nginx/OpenSSL
# build with SM2/SM3/SM4 support - confirm against the build in use.
# NOTE(review): keep the .key files readable only by the account that starts nginx
# (e.g. mode 600) and outside any directory served as a web root.
ssl_certificate /opt/nginx/conf/certs/_.域名_bundle.crt;
ssl_certificate_key /opt/nginx/conf/certs/域名_RSA.域名_RSA.key;
ssl_certificate /opt/nginx/conf/certs/_.域名_sm2_sign_bundle.crt;
ssl_certificate_key /opt/nginx/conf/certs/域名_SM2.域名_SM2.key;
ssl_certificate /opt/nginx/conf/certs/_.域名_sm2_encrypt_bundle.crt;
ssl_certificate_key /opt/nginx/conf/certs/域名_SM2.域名_SM2.key;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). Restrict to TLSv1.2 (plus
# TLSv1.3 where the build supports it) once you have checked that the SM2 handshake of
# this build does not depend on the older protocol flags.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# NOTE(review): MEDIUM admits suites that OpenSSL ranks below HIGH; consider dropping it
# and re-testing with the clients that must be supported.
ssl_ciphers ECC-SM4-SM3:ECDH:AESGCM:HIGH:MEDIUM:!RC4:!DH:!MD5:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
# Back-end access log, written in the "main" format
access_log logs/access_hd.log main;
# WebSocket traffic needs its own proxy location
# Regex match: any URI containing "/webSocket/" (case-sensitive) is handled here.
location ~/webSocket/ {
# No format is named, so this log uses nginx's default format rather than "main"
access_log logs/come-websocket.log;
proxy_pass http://ip:8081;
# HTTP/1.1 plus the Upgrade/Connection headers are what let the upgrade reach the back end
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'Upgrade';
# NOTE(review): unlike "location /", this location sets no Host, X-Real-IP or
# X-Forwarded-For, so the back end sees only the proxy's address for WebSocket clients.
# NOTE(review): nginx does not check the Origin header; the back end should validate Origin
# and authenticate the handshake so other sites cannot open sockets with a user's cookies.
}
# Forward port 8082 to the back-end port 8081
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Appends the connecting address to whatever X-Forwarded-For the client sent.
# NOTE(review): earlier entries in that header are client-controlled; the back end should
# rely on X-Real-IP or only on the last hop for logging, rate limiting and access decisions.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# "ip" is a placeholder. NOTE(review): this hop is plain HTTP, so it should stay on
# loopback or a trusted network segment, and port 8081 should not be reachable directly.
proxy_pass http://ip:8081;
}
# Serve a static page for upstream/server errors
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
配置好之後啟動nginx。
前端訪問後端的地址為:https://域名:8082,用戶訪問前端的地址為:https://域名。
完成~
