用nginx把apigateway配置成https

1安装nginx

sudo yum install nginx

 

2查看nginx配置文件路径

ps -ef | grep nginx

nginx -t

 

3复制nginx.conf到自己工作的目录

4修改nginx.conf,可以看到本身就有个ssl的模板,改模板就行。

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }
    upstream apigateway{
        server    11.111.111.111:5015;
    }

    server {
       listen       5014 ssl;
       server_name  _;
    #    root         /usr/share/nginx/html;

       ssl_certificate "/usr/local/nginx/api.crt";
       ssl_certificate_key "/usr/local/nginx/api_no_passwd.key";
       ssl_session_cache shared:SSL:1m;
       ssl_session_timeout  10m;
       ssl_ciphers HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers on;

       location / {
           proxy_pass    http://apigateway;
           proxy_redirect default;
           proxy_set_header X-Real-IP $remote_addr;
       }

       error_page 404 /404.html;
           location = /40x.html {
       }

       error_page 500 502 503 504 /50x.html;
           location = /50x.html {
       }
   }

5证书

ssl_certificate "/usr/local/nginx/api.crt";

ssl_certificate_key "/usr/local/nginx/api_no_passwd.key";

这两行是证书。

证书生成参考:

https://blog.csdn.net/xuanyushifeng/article/details/104511095

posted @ 2020-09-27 08:57  十三燕  阅读(1474)  评论(0编辑  收藏  举报