返回顶部

https实现三种方式

https实现三种方式

1.单个ECS/nginx配置https

单个ECS,添加域名证书【公网/私有】,并添加跳转https

复制代码
server {
        listen 80;
        server_name www.weirui.com;
        return  302 https://$server_name$request_uri;
}
server  {
        listen 443 ssl;
        server_name  www.weirui.com;
        ssl_certificate  key;
        ssl_certificate_key server.key;
        location / {
            index index.php;
        }
}
复制代码

2.SLB+ECS

复制代码
user 》 https 》 SLB > http > web_cluster
user 》 https 》 SLB > https > web_cluster

#负载均衡
upstream  web_cluster {
        server xx:80;
        server xx:80;
}
server {
        listen 80;
        server_name www.weirui.com;
        return  302 https://$server_name$request_uri;
}
 server  {
        listen 443 ssl;
        server_name  www.weirui.com;
        ssl_certificate  key;
        ssl_certificate_key server.key;
        location / {
            proxy_pass  http://web_cluster;
            proxy_set_Header Host $http_host;
        }
}



#web_cluster

server {
        listen 80;
        server_name www.weirui.com;
        return  302 https://$server_name$request_uri;
}
server  {
        listen 443 ssl;
        server_name  www.weirui.com;
        ssl_certificate  key;
        ssl_certificate_key server.key;
        location / {
            index index.php;
        }
}
复制代码

3.CDN+SLB+ECS

复制代码
1.公网证书
2.需要SLB添加证书,将SLB的80端口删除
3.为SLB配置基于HTTPS的访问
4.将SLB的HTTP转到HTTPS
5.上传CDN的HTTPS

注:
若前端是https后端是http,那么需要在后端配置允许支持https。
#vi /etc/nginx/nginx.conf
server {
    ...
    location ~ \.php {
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $doucument_root$fastcgi_script_name;
        include  fastcgi_param;
        fastcgi_param   HTTPS  on;
    }
}
复制代码

配置校验

#nginx -t
#nginx -s  reload

或
#systemctl daemon-reload
#systemctl restart nginx

 

posted @   九尾cat  阅读(364)  评论(0编辑  收藏  举报
相关博文:
阅读排行:
· 分享4款.NET开源、免费、实用的商城系统
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· 上周热点回顾(2.24-3.2)
点击右上角即可分享
微信分享提示

目录导航