小程序上线需要https
证书上传到nginx服务器
证书下发,将证书上传到服务器nginx conf路径下,创建sslkey文件夹存放所绑域名的证书和私钥
/usr/local/nginx/conf/sslkey 讯享网
修改nginx配置文件
讯享网vim /usr/local/nginx/cong/nginx.conf #user nobody; worker_processes 4; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events {
worker_connections ; } http {
include mime.types; default_type application/octet-stream; client_header_buffer_size 100m; client_max_body_size 100m; proxy_connect_timeout 10m; proxy_read_timeout 10m; proxy_send_timeout 10m; underscores_in_headers on; #open_file_cache_valid 30s; #expires 60m; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; upstream XXXX.com {
server 10.0.18.162:8066 weight=1; server 10.0.18.163:8066 weight=1; server 10.0.18.164:8066 weight=1; server 10.0.18.196:8066 weight=2; server 10.0.18.197:8066 weight=2; #server 10.0.18.162:8066 weight=1 max_fails=3 fail_timeout=30s; } upstream zuul.com {
server 10.0.18.165:9200; server 10.0.18.166:9200; server 10.0.18.167:9200; server 10.0.18.168:9200; server 10.0.18.169:9200; server 10.0.18.170:9200; server 10.0.18.171:9200; server 10.0.18.172:9200; server 10.0.18.173:9200; server 10.0.18.174:9200; server 10.0.18.175:9200; server 10.0.18.176:9200; #server 10.0.18.165:9200 max_fails=3 fail_timeout=30s; } server {
listen 80; server_name localhost; rewrite ^(.*)$ https://$host$1 permanent; #http永久跳转https #charset koi8-r; #access_log logs/host.access.log main; location / {
proxy_pass http://XXXX.com; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
index index.html index.htm; }
error_page 404 /404.html; # redirect server error pages to the static page /50x.html #
error_page 500 502 503 504 /50x.html; location = /50x.html {
root html; } } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ {
# proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ {
# root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht {
# deny all; #} # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ {
# proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ {
# root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht {
# deny all; #} # another virtual host using mix of IP-, name-, and port-based configuration # #server {
# listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / {
# root html; # index index.html index.htm; # } #} #HTTPS server server {
listen 443 ssl; server_name localhost; ssl_certificate sslkey/xxxxxx.crt; ssl_certificate_key sslkey/xxxxxx.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL; ssl_prefer_server_ciphers on; location / {
proxy_pass http://xxxx.com; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /ngx_status {
#开启nginx监控页面 stub_status on; }
location /swagger-ui.html {
deny all; }
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html; location = /50x.html {
root html; } server {
listen 9200 ssl; server_name localhost; ssl_certificate sslkey/xxxxxx.crt; #证书的相对路径 ssl_certificate_key sslkey/xxxxxx.key; #私钥的相对路径 ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL; ssl_prefer_server_ciphers on; location / {
proxy_pass http://xxxx.com; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } } }
配置文件仅供参考,需根据实际项目调整
重启nginx
/usr/local/nginx/sbin/nginx -s reload 验证登录
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容,请联系我们,一经查实,本站将立刻删除。
如需转载请保留出处:https://51itzy.com/kjqy/43759.html