Nginx安装SSL证书
一、java后台接口配置SSL
将证书文件和私钥文件拷贝到 /etc/nginx 文件夹下(私钥文件建议仅对 root 可读,例如权限 600),nginx 配置文件如下:
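# HTTPS reverse proxy in front of the Java backend on localhost:8080.
server {
    # "ssl on;" was deprecated in nginx 1.15.0 and removed in 1.25.1;
    # TLS is enabled with the "ssl" flag on the listen directive instead.
    listen 4433 ssl;
    server_name localhost;

    # Relative paths are resolved against the nginx configuration directory.
    # The private key should be readable by root only.
    #ssl_certificate xxxxxxx.crt;
    #ssl_certificate_key xxxxxxx.rsa;
    ssl_certificate xxxxxxxxxxxx.com.pem;
    ssl_certificate_key xxxxxxxxxxxx.com.key;
    ssl_session_timeout 5m;

    # The commented-out legacy lines that enabled SSLv2/SSLv3 and the
    # "ALL:...:+LOW:+EXP" cipher list were dropped: they allow broken
    # protocols and export-grade ciphers and must not be re-enabled.
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is offered.
    # Append TLSv1.3 on nginx >= 1.13.0 built against OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    # The regex is not anchored, so any URI that contains "/api/" matches,
    # and the capture group is unused.
    # NOTE(review): if only URIs that start with /api/ should reach the
    # backend, a prefix match ("location /api/") is the tighter choice.
    location ~ /api/(.*) {
        proxy_redirect off;
        proxy_set_header Host $host;
        # Tells the backend the client connection was TLS; set here so a
        # client-supplied X-Ssl header is overwritten.
        proxy_set_header X-Ssl on;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent; the backend must not trust the left-most entries.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8080;
    }
}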
二、前台打包好的静态文件配置SSL
将证书文件和私钥文件拷贝到 /etc/nginx 文件夹下(私钥文件建议仅对 root 可读,例如权限 600),nginx 配置文件如下:
# Upstream group with a single local backend.
# NOTE(review): no proxy_pass in the server block shown on this page
# references "xanadu"; confirm whether it is still needed.
upstream xanadu {
    server localhost:8080;
}
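# HTTPS front end: serves the packaged static files from $FRONTPATH and
# proxies everything else to $PROXYPASS.
server {
    set $PROXYPASS http://xx.xx.xx.xx:8000;
    set $FRONTPATH /home/userpt/web-ui;

    listen 443 ssl;
    # NOTE(review): "listen localhost;" opens a second, plaintext listener
    # on the loopback address (default port 80). If a host name was meant,
    # this should be "server_name localhost;" instead - confirm.
    listen localhost;

    # Certificate file name (relative paths resolve against the nginx
    # configuration directory).
    ssl_certificate xxxxxxxxxxxx.crt;
    # Private key file name; keep it readable by root only.
    ssl_certificate_key xxxxxxxxxxxx.key;
    ssl_session_timeout 5m;

    # Protocols: TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only
    # TLSv1.2 is offered. Append TLSv1.3 on nginx >= 1.13.0 built against
    # OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2;
    # Cipher suites, written in OpenSSL cipher-list syntax.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        root $FRONTPATH;
        index index.html;

        # Exact match for the site root: no proxy_pass here, so the index
        # file is served from $FRONTPATH.
        location = / {
            root $FRONTPATH;
        }

        # Static asset extensions: serve the file when it exists on disk,
        # otherwise hand the request to the backend.
        location ~* \.(css|js|jpg|jpeg|gif|png|ico|swf|htm|html|json|xml|svg|woff|ttf|eot|map|woff2)$ {
            if (-f $request_filename) {
                root $FRONTPATH;
                expires 30d;
                break;
            }
            if ( !-e $request_filename) {
                proxy_pass $PROXYPASS;
            }
        }

        # Everything that is not a static asset goes to the backend.
        # No Host / X-Forwarded-* headers are set for this hop.
        proxy_pass $PROXYPASS;
    }

    # NOTE(review): error_page targets /404.html but the location below
    # matches /40x.html, so the two do not line up; /404.html is currently
    # resolved by the static-asset location above. Confirm which name is
    # intended before changing either.
    error_page 404 /404.html;
    location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}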
