Nginx https配置http的图片服务

1.在Nginx配置网站的https服务

复制代码
 # HTTPS server
    #
    server {
        listen       443 ssl;
        server_name  localhost,10.11.1.68;

         ssl_certificate    ca.crt;
         ssl_certificate_key ca.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        #请按照以下协议配置
        ssl_protocols           TLSv1.2 TLSv1.3;

        #请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
        ssl_ciphers             ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        location / {
            root   E:/VisualizationPlatform/;
            try_files $uri $uri/ @router;
            index  index.html index.htm;
        }
        location @router {
            rewrite ^.*$ /index.html last;
        }

        location ^~/manage/ {
               proxy_set_header   Host             $host;
               proxy_set_header   x-forwarded-for  $remote_addr;
               proxy_set_header   X-Real-IP        $remote_addr;
               proxy_pass  http://10.11.1.68:6000/; #实际的接口地址
            proxy_connect_timeout 3600;
            proxy_send_timeout 3600; #设置发送超时时间
            proxy_read_timeout 3600; #设置读取超时时间
            proxy_buffer_size 64k;
            proxy_buffers 32 32k;
            proxy_busy_buffers_size 128k;
        }
        location ^~/dataSource/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass  http://10.11.1.68:6001/; #实际的接口地址
        }
        location ^~/component/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass  http://10.11.1.68:6002/; #实际的接口地址
        }
        location ^~/getLoopData/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass  http://10.11.1.42:8161/; #实际的接口地址        
        }
        location ^~/prometheus/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass  http://10.11.1.66:9000/;
        }
        location ^~/images/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass http://10.11.1.68:8087;
        }
        
    }
复制代码

我的证书 ca.crt和ca.key和conf配置文件放在一个路径下了:

 

根据以上配置后访问https是好使的,但是遇到了比如详情的时候图片地址是http的,显示不了。

这里需要对图片地址服务的重新代理:

比如我的图片服务在Nginx配置如下:

# PNG SVG 
    server {
        listen       8087;
        server_name  localhost,10.11.1.68;
        location /images/ {
            alias E:/Files/;
        }
    }

通过images的前缀代理了 E盘Files下的图片资源。

需要在https的配置下做个图片服务的反向代理:

 location ^~/images/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass http://10.11.1.68:8087;
        }

全部配置如下:

复制代码
#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    
    client_max_body_size 200m;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  3600;
    fastcgi_connect_timeout 3600;
    fastcgi_send_timeout 3600;
    fastcgi_read_timeout 3600;
    fastcgi_buffers 8 16k;
    fastcgi_buffer_size 32k;

    #gzip  on;

    
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    server {
        listen       80;
        server_name  localhost,10.11.1.68;
        location / {
            root   E:/VisualizationPlatform/;
            try_files $uri $uri/ @router;
            index  index.html index.htm;
        }
        location @router {
            rewrite ^.*$ /index.html last;
        }

        location ^~/manage/ {
               proxy_set_header   Host             $host;
               proxy_set_header   x-forwarded-for  $remote_addr;
               proxy_set_header   X-Real-IP        $remote_addr;
               proxy_pass  http://10.11.1.68:6000/; #实际的接口地址
            proxy_connect_timeout 3600;
            proxy_send_timeout 3600; #设置发送超时时间
            proxy_read_timeout 3600; #设置读取超时时间
            proxy_buffer_size 64k;
            proxy_buffers 32 32k;
            proxy_busy_buffers_size 128k;
        }
        location ^~/dataSource/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass  http://10.11.1.68:6001/; #实际的接口地址
        }
        location ^~/component/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass  http://10.11.1.68:6002/; #实际的接口地址
        }
        location ^~/getLoopData/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass  http://10.11.1.42:8161/; #实际的接口地址        
        }
        location ^~/prometheus/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass  http://10.11.1.66:9000/;
        }
    }
    server {
        listen       8080;
        server_name  localhost,10.11.1.68;
        
        location / {
            root   E:/ComponentService/;
            index  index.html index.htm;
        }
        location @router {
            rewrite ^.*$ /index.html last;
        }
        location ^~/manage/ {
               proxy_set_header   Host             $host;
               proxy_set_header   x-forwarded-for  $remote_addr;
               proxy_set_header   X-Real-IP        $remote_addr;
               proxy_pass  http://10.11.1.68:6000/; #实际的接口地址
        }
        location ^~/dataSource/ {
               proxy_set_header   Host             $host;
               proxy_set_header   x-forwarded-for  $remote_addr;
               proxy_set_header   X-Real-IP        $remote_addr;
               proxy_pass  http://10.11.1.68:6001/; #实际的接口地址
        }

        location ^~/component/ {
               proxy_set_header   Host             $host;
               proxy_set_header   x-forwarded-for  $remote_addr;
               proxy_set_header   X-Real-IP        $remote_addr;
               proxy_pass  http://10.11.1.68:6002/; #实际的接口地址
        }
        location ^~/reportForms/ {
               proxy_set_header   Host             $host;
               proxy_set_header   x-forwarded-for  $remote_addr;
               proxy_set_header   X-Real-IP        $remote_addr;
               proxy_pass  http://10.11.1.67:8077/; #实际的接口地址
        }
        location ^~/getLoopData/ {
               proxy_set_header   Host             $host;
               proxy_set_header   x-forwarded-for  $remote_addr;
               proxy_set_header   X-Real-IP        $remote_addr;
               proxy_pass  http://10.11.1.42:8161/; #实际的接口地址
        }
        location ^~/images/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass http://10.11.1.68:8087;
        }
    }
    server {
        listen       8081;
        server_name  localhost,10.11.1.68;
        location /reportmis/ {
            proxy_pass  http://10.11.1.67:8800/reportmis/; #实际的接口地址
        }
    }
 
    # PNG SVG 
    server {
        listen       8087;
        server_name  localhost,10.11.1.68;
        location /images/ {
            alias E:/Files/;
        }
    }

    # HTTPS server
    #
    server {
        listen       443 ssl;
        server_name  localhost,10.11.1.68;

         ssl_certificate    ca.crt;
         ssl_certificate_key ca.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        #请按照以下协议配置
        ssl_protocols           TLSv1.2 TLSv1.3;

        #请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
        ssl_ciphers             ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        location / {
            root   E:/VisualizationPlatform/;
            try_files $uri $uri/ @router;
            index  index.html index.htm;
        }
        location @router {
            rewrite ^.*$ /index.html last;
        }

        location ^~/manage/ {
               proxy_set_header   Host             $host;
               proxy_set_header   x-forwarded-for  $remote_addr;
               proxy_set_header   X-Real-IP        $remote_addr;
               proxy_pass  http://10.11.1.68:6000/; #实际的接口地址
            proxy_connect_timeout 3600;
            proxy_send_timeout 3600; #设置发送超时时间
            proxy_read_timeout 3600; #设置读取超时时间
            proxy_buffer_size 64k;
            proxy_buffers 32 32k;
            proxy_busy_buffers_size 128k;
        }
        location ^~/dataSource/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass  http://10.11.1.68:6001/; #实际的接口地址
        }
        location ^~/component/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass  http://10.11.1.68:6002/; #实际的接口地址
        }
        location ^~/getLoopData/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass  http://10.11.1.42:8161/; #实际的接口地址        
        }
        location ^~/prometheus/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass  http://10.11.1.66:9000/;
        }
        location ^~/images/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass http://10.11.1.68:8087;
        }
        
    }
    
    server {
        listen       1443 ssl;
        server_name  localhost,10.11.1.68;

         ssl_certificate    ca.crt;
         ssl_certificate_key ca.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        #请按照以下协议配置
        ssl_protocols           TLSv1.2 TLSv1.3;

        #请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
        ssl_ciphers             ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;

        location / {
            root   E:/VisualizationPlatform/;
            try_files $uri $uri/ @router;
            index  index.html index.htm;
        }
        location @router {
            rewrite ^.*$ /index.html last;
        }
        location ^~/jmgj/ {
            proxy_set_header   Host             $host;
            proxy_set_header   x-forwarded-for  $remote_addr;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_pass http://113.4.132.19:18035/;
        } 
        
        
    }
    
    

}
复制代码

 

posted @   创客未来  阅读(1478)  评论(0编辑  收藏  举报
相关博文:
阅读排行:
· 微软正式发布.NET 10 Preview 1:开启下一代开发框架新篇章
· 没有源码,如何修改代码逻辑?
· PowerShell开发游戏 · 打蜜蜂
· 在鹅厂做java开发是什么体验
· WPF到Web的无缝过渡:英雄联盟客户端的OpenSilver迁移实战
历史上的今天:
2021-06-25 elementui 导出cvs文件
2021-06-25 javascript[es6]获取时间格式yyyy-MM-dd HH:ss:mm
点击右上角即可分享
微信分享提示