Nginx配置HTTPS加密+HTTP2.0

Nginx配置HTTPS加密+HTTP2.0

# 证书部署方式有很多,我这边选择使用公网已申请的证书来做(可以使用CertBot实现自动签发)

1:安装Nginx:我这里使用yum
[root@virtual_host ~]# yum install -y nginx

2:创建ssl证书目录及上传ssl证书
[root@virtual_host nginx]# mkdir /etc/nginx/ssl
[root@virtual_host ssl]# ls
server.crt  server.key
# 证书可走公网申请或使用openssl自签

3:配置nginx:我这里选用新建配置文件(前提是需要删除nginx.conf内的server字段)
cat << eof>>/etc/nginx/conf.d/ssl.conf
server {
    listen    80;
    server_name   ingress.kubernetes-devops.cn;
    location /{
        return    301 https://ingress.kubernetes-devops.cn;
    }
}
server {
    listen       443 ssl http2;
    server_name  ingress.kubernetes-devops.cn;
    root   /usr/share/nginx/html;
    index  index.html;

    ssl_certificate     /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
}
eof

4:启动nginx测试
[root@virtual_host nginx]# nginx

[root@virtual_host conf.d]# curl ingress.kubernetes-devops.cn
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
[root@virtual_host conf.d]# curl -L ingress.kubernetes-devops.cn
<h1>This is SSL</h1>
[root@virtual_host conf.d]# curl -I ingress.kubernetes-devops.cn
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Mon, 10 Jan 2022 03:07:18 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://ingress.kubernetes-devops.cn

image

posted @ 2022-01-10 11:14  Layzer  阅读(78)  评论(0编辑  收藏  举报