nginx;HTTP=>HTTPS + 与后台对接接口
零 背景
最近在做一个音视频会议网站,因为要调用摄像头,所以要把http转成https,所以用了nginx,这里记录下
一。http转https
server{
listen 8221 ;
server_name localhost;
ssl on;
ssl_certificate key/server.crt; # 这里是服务端的证书路径
ssl_certificate_key key/server.key; # 这里是秘钥路径
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:10m;
ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
ssl_verify_client off;
location / {
proxy_redirect off;
proxy_pass http://localhost:5500;
# proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; # 升级协议头
proxy_set_header Connection upgrade;
}
}
二 https与后台接口链接
location /devApi/interface/ {
proxy_pass https://172.22.1.190:8888/interface/;
# proxy_set_header: Host $host;
}
三 完整版
#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server{
listen 8221 ;
server_name localhost;
ssl on;
ssl_certificate key/server.crt; # 这里是服务端的证书路径
ssl_certificate_key key/server.key; # 这里是秘钥路径
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:10m;
ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
ssl_verify_client off;
location / {
proxy_redirect off;
proxy_pass http://localhost:5500;
# proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; # 升级协议头
proxy_set_header Connection upgrade;
}
location /devApi/interface/ {
proxy_pass https://172.22.1.190:8888/interface/;
# proxy_set_header: Host $host;
}
}
}
