Nginx配置https

一、nginx先配置https环境

     1、找打nginx的安装环境  ,如nginx的安装目录是/usr/local/nginx,源包在/root/nginx-1.10.1目录下

     2、切换到源码包

# cd  /root/nginx-1.10.1

   3、进行编译

# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
4.配置完成后,运行命令:
# make
5.make命令执行后,不要进行make install,否则会覆盖安装。
 
6.备份原有已安装好的nginx:
# cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
7.停止nginx状态:
# /usr/local/nginx/sbin/nginx -s stop
8.将编译好的nginx覆盖掉原有的nginx:
# cd /root/nginx-1.10.1/

# cp ./objs/nginx /usr/local/nginx/sbin/
9.提示是否覆盖,输入yes即可。

10.然后启动nginx:
# /usr/local/nginx/sbin/nginx
11.进入nginx/sbin目录下,通过命令查看模块是否已经加入成功:
 
# cd /usr/local/nginx/sbin/

# ./nginx -V

二、在阿里云申请免费的证书

 证书与域名是绑定的,配置nginx时看清楚

三、配置nginx

  1、我在nginx.conf中配置了2个不同的域名

#user  nobody;
worker_processes  1;

error_log  logs/error.log;
error_log  logs/error.log  notice;
error_log  logs/error.log  info;



events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

     # http配置
     server {
        listen       80;
        server_name  www.xiaoyaodijun.com;
        location / {
            root   /var/app/dist/;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }


    #https 配置
    server {
       listen       443 ssl;
       server_name  web.xiaoyaodijun.com;

       root   /var/app2/dist;  #文件地址
       index  index.html index.htm; #默认首页

       ssl_certificate      /var/cret/web.xiaoyaodijun.pem;  #证书地址
       ssl_certificate_key  /var/cret/web.xiaoyaodijun.key;  #证书地址

       ssl_session_cache    shared:SSL:1m;
       ssl_session_timeout  5m;

       ssl_ciphers  HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers  on;

       #代理请求http接口
       location /ospapi/{
           proxy_pass http://xxx.xxx.xx.xx:xxxx/front/;
       }

    }

#http请求自动重订向https
    server{
        listen 80;
        server_name web.xiaoyaodijun.com;
        rewrite ^/(.*)$ https://web.xiaoyaodijun.com:443/$1 permanent;
    }




}

 

2、https网站中,如果接口服务是http的,那么请求接口就会被拒绝,需要使用nginx做代理转发
 
   #代理请求http接口
       location /ospapi/{
           proxy_pass http://xxx.xxx.xx.xx:xxxx/front/;
       }

 

3、前端页面的配置为

//代理模式请求接口
export const Url = "https://web.xiaoyaodijun.com/ospapi/"

即请求地址为

https://web.xiaoyaodijun.com/ospapi/edmap/getuser/test

 

 
posted @ 2021-12-29 10:56  逍遥帝君  阅读(25687)  评论(0编辑  收藏  举报