文章目录
- Nginx 开启 ssl 以支持 HTTPS
- 1 生成本地证书
- 2 开启 ssl 以支持 HTTPS
- 3 将 https 的请求转发给 http
- 最终的 nginx.conf 如下
Nginx 开启 ssl 以支持 HTTPS
[!IMPORTANT]
在下文中,将采用如下定义。
HTTP端口: 80
HTTPS端口: 443
服务地址: www.0ll1.com,也可以是 IP
1 生成本地证书
-
生成一个 RSA 私钥:
server.keyopenssl genrsa -out server.key 2048 -
生成一个自签名的 X.509 证书:
server.crtopenssl req -new -x509 -days 8760 -key server.key -out server.crt -subj "/C=CN/O=Institute of Information Engineering, CAS/CN=www.0ll1.com"
2 开启 ssl 以支持 HTTPS
server {listen 443 ssl;server_name www.0ll1.com;ssl_certificate /usr/local/nginx/cert/server.crt;ssl_certificate_key /usr/local/nginx/cert/server.key;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;ssl_prefer_server_ciphers on;
}
3 将 https 的请求转发给 http
server {location / {proxy_set_header Host $host;proxy_redirect off;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_connect_timeout 60;proxy_read_timeout 600;proxy_send_timeout 600;proxy_pass http://www.0ll1.com:80;}
}
[!NOTE]
只需要将
proxy_pass修改为 http 服务的 url 即可。
最终的 nginx.conf 如下
server {listen 443 ssl;server_name www.0ll1.com;ssl_certificate /usr/local/nginx/cert/server.crt;ssl_certificate_key /usr/local/nginx/cert/server.key;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;ssl_prefer_server_ciphers on;location / {proxy_set_header Host $host;proxy_redirect off;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_connect_timeout 60;proxy_read_timeout 600;proxy_send_timeout 600;proxy_pass http://www.0ll1.com:80;}
}
