Nginx配置https
一、nginx先配置https环境
1、找打nginx的安装环境 ,如nginx的安装目录是/usr/local/nginx,源包在/root/nginx-1.10.1目录下
2、切换到源码包
# cd /root/nginx-1.10.1
3、进行编译
# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
4.配置完成后,运行命令:
# make
5.make命令执行后,不要进行make install,否则会覆盖安装。
6.备份原有已安装好的nginx:
# cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
7.停止nginx状态:
# /usr/local/nginx/sbin/nginx -s stop
8.将编译好的nginx覆盖掉原有的nginx:
# cd /root/nginx-1.10.1/ # cp ./objs/nginx /usr/local/nginx/sbin/
9.提示是否覆盖,输入yes即可。
10.然后启动nginx:
# /usr/local/nginx/sbin/nginx
11.进入nginx/sbin目录下,通过命令查看模块是否已经加入成功:
# cd /usr/local/nginx/sbin/
# ./nginx -V
二、在阿里云申请免费的证书
证书与域名是绑定的,配置nginx时看清楚
三、配置nginx
1、我在nginx.conf中配置了2个不同的域名
#user nobody; worker_processes 1; error_log logs/error.log; error_log logs/error.log notice; error_log logs/error.log info; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; # http配置 server { listen 80; server_name www.xiaoyaodijun.com; location / { root /var/app/dist/; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } #https 配置 server { listen 443 ssl; server_name web.xiaoyaodijun.com; root /var/app2/dist; #文件地址 index index.html index.htm; #默认首页 ssl_certificate /var/cret/web.xiaoyaodijun.pem; #证书地址 ssl_certificate_key /var/cret/web.xiaoyaodijun.key; #证书地址 ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; #代理请求http接口 location /ospapi/{ proxy_pass http://xxx.xxx.xx.xx:xxxx/front/; } }
#http请求自动重订向https
server{
listen 80;
server_name web.xiaoyaodijun.com;
rewrite ^/(.*)$ https://web.xiaoyaodijun.com:443/$1 permanent;
}
}
2、https网站中,如果接口服务是http的,那么请求接口就会被拒绝,需要使用nginx做代理转发
#代理请求http接口 location /ospapi/{ proxy_pass http://xxx.xxx.xx.xx:xxxx/front/; }
3、前端页面的配置为
//代理模式请求接口 export const Url = "https://web.xiaoyaodijun.com/ospapi/"
即请求地址为
https://web.xiaoyaodijun.com/ospapi/edmap/getuser/test