https实现三种方式
https实现三种方式
1.单个ECS/nginx配置https
单个ECS,添加域名证书【公网/私有】,并添加跳转https
server { listen 80; server_name www.weirui.com; return 302 https://$server_name$request_uri; } server { listen 443 ssl; server_name www.weirui.com; ssl_certificate key; ssl_certificate_key server.key; location / { index index.php; } }
2.SLB+ECS
user 》 https 》 SLB > http > web_cluster user 》 https 》 SLB > https > web_cluster #负载均衡 upstream web_cluster { server xx:80; server xx:80; } server { listen 80; server_name www.weirui.com; return 302 https://$server_name$request_uri; } server { listen 443 ssl; server_name www.weirui.com; ssl_certificate key; ssl_certificate_key server.key; location / { proxy_pass http://web_cluster; proxy_set_Header Host $http_host; } } #web_cluster server { listen 80; server_name www.weirui.com; return 302 https://$server_name$request_uri; } server { listen 443 ssl; server_name www.weirui.com; ssl_certificate key; ssl_certificate_key server.key; location / { index index.php; } }
3.CDN+SLB+ECS
1.公网证书 2.需要SLB添加证书,将SLB的80端口删除 3.为SLB配置基于HTTPS的访问 4.将SLB的HTTP转到HTTPS 5.上传CDN的HTTPS 注: 若前端是https后端是http,那么需要在后端配置允许支持https。 #vi /etc/nginx/nginx.conf server { ... location ~ \.php { fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $doucument_root$fastcgi_script_name; include fastcgi_param; fastcgi_param HTTPS on; } }
配置校验
#nginx -t #nginx -s reload 或 #systemctl daemon-reload #systemctl restart nginx
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 分享4款.NET开源、免费、实用的商城系统
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· 上周热点回顾(2.24-3.2)