用nginx把apigateway配置成https
1安装nginx
sudo yum install nginx
2查看nginx配置文件路径
ps -ef | grep nginx
nginx -t
3复制nginx.conf到自己工作的目录
4修改nginx.conf,可以看到本身就有个ssl的模板,改模板就行。
# Settings for a TLS enabled server. # # server { # listen 443 ssl http2 default_server; # listen [::]:443 ssl http2 default_server; # server_name _; # root /usr/share/nginx/html; # # ssl_certificate "/etc/pki/nginx/server.crt"; # ssl_certificate_key "/etc/pki/nginx/private/server.key"; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 10m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # # # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; # # location / { # } # # error_page 404 /404.html; # location = /40x.html { # } # # error_page 500 502 503 504 /50x.html; # location = /50x.html { # } # } upstream apigateway{ server 11.111.111.111:5015; } server { listen 5014 ssl; server_name _; # root /usr/share/nginx/html; ssl_certificate "/usr/local/nginx/api.crt"; ssl_certificate_key "/usr/local/nginx/api_no_passwd.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://apigateway; proxy_redirect default; proxy_set_header X-Real-IP $remote_addr; } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } }
5证书
ssl_certificate "/usr/local/nginx/api.crt";
ssl_certificate_key "/usr/local/nginx/api_no_passwd.key";
这两行是证书。
证书生成参考:
https://blog.csdn.net/xuanyushifeng/article/details/104511095