Three ways to implement HTTPS
1. Single ECS / nginx HTTPS configuration
On a single ECS instance, add the domain certificate (public or private) and add a redirect to HTTPS.

    server {
        listen 80;
        server_name www.weirui.com;
        # send every plain-HTTP request to HTTPS
        return 302 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name www.weirui.com;
        ssl_certificate key;              # certificate file
        ssl_certificate_key server.key;   # private key file
        location / {
            index index.php;
        }
    }

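2. SLB + ECS

    user > https > SLB > http  > web_cluster
    user > https > SLB > https > web_cluster

    # Load balancer
    # As written (port 80, proxy_pass http://) this is the SLB > http > web_cluster flow.
    # For SLB > https > web_cluster, point the upstream at port 443 and use proxy_pass https://web_cluster.
    upstream web_cluster {
        server xx:80;
        server xx:80;
    }

    server {
        listen 80;
        server_name www.weirui.com;
        return 302 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name www.weirui.com;
        ssl_certificate key;
        ssl_certificate_key server.key;
        location / {
            proxy_pass http://web_cluster;
            proxy_set_header Host $http_host;
        }
    }

    # web_cluster (backend nodes)
    # This backend redirects port 80 to HTTPS, so it matches the SLB > https > web_cluster flow.
    # A backend reached over http on port 80 must serve the site there instead of redirecting,
    # otherwise proxied requests are redirected back to the load balancer in a loop.
    server {
        listen 80;
        server_name www.weirui.com;
        return 302 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name www.weirui.com;
        ssl_certificate key;
        ssl_certificate_key server.key;
        location / {
            index index.php;
        }
    }
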
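3. CDN + SLB + ECS
1. Public certificate
2. Add the certificate to the SLB and delete the SLB's port 80
3. Configure HTTPS-based access on the SLB
4. Redirect the SLB's HTTP to HTTPS
5. Upload the HTTPS certificate for the CDN

Note: if the front end is HTTPS and the back end is HTTP, the back end must be configured to support HTTPS.

    # vi /etc/nginx/nginx.conf
    server {
        ...
        location ~ \.php {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            # tell PHP the original client request was HTTPS
            fastcgi_param HTTPS on;
        }
    }
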
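A variant of the back-end setting above, as an added example that is not part of the original notes: instead of hard-coding HTTPS on, the back end derives it from the scheme the load balancer reports. It assumes the SLB listener is configured to send the X-Forwarded-Proto header and that the back end accepts traffic only from the SLB; the variable name $fastcgi_https is hypothetical.

```nginx
# Added example. Assumption: the SLB sends X-Forwarded-Proto on every request
# and is the only source allowed to reach this back end (otherwise a client
# could set the header itself).

# http context: map the forwarded scheme to the value PHP expects in HTTPS.
map $http_x_forwarded_proto $fastcgi_https {
    default "";     # plain HTTP or header missing: do not claim HTTPS
    https   on;     # TLS was terminated at the SLB
}

server {
    listen 80;
    server_name www.weirui.com;

    location / {
        index index.php;
    }

    location ~ \.php {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        # sent to PHP only when the original request was HTTPS
        fastcgi_param HTTPS $fastcgi_https if_not_empty;
    }
}
```

With this in place, PHP code that checks $_SERVER['HTTPS'] builds https:// links only for requests that actually arrived at the SLB over TLS.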
Configuration check

    # nginx -t
    # nginx -s reload

or

    # systemctl daemon-reload
    # systemctl restart nginx