Configuring HTTPS Access in Nginx

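First, apply for the SSL certificate for the domain that will be served over HTTPS, and copy the downloaded certificate to the designated directory /opt/cert/ on the nginx server. The test environment: Nginx is installed on CentOS 7.4 and listens on port 80 by default, forwarding user requests to port 8080 of the backend Tomcat. The SSL configuration is then added to this setup.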

cat /etc/nginx/conf.d/www.example.com.conf   # view the current site configuration

The current configuration is as follows:

server {
    listen 80;
    server_name www.example.com;
  
    location / {
        proxy_pass   http://127.0.0.1:8080; # Tomcat on port 8080
        proxy_set_header   Host      $host;
        proxy_set_header   X-Real-IP   $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}


To serve the site over HTTPS, enable SSL and add the certificate details. The configuration after modification is as follows:

server {
    listen 443 ssl;
    server_name www.example.com;  # domain for which HTTPS access is enabled

    ssl_certificate    /opt/cert/www.example.com.pem;  # path to the SSL certificate (public key)
    ssl_certificate_key   /opt/cert/www.example.com.key;  # path to the SSL private key
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  
    ssl_prefer_server_ciphers on;

    add_header Strict-Transport-Security "max-age=31536000";

    location / {
        proxy_pass   http://127.0.0.1:8080; # Tomcat on port 8080
        proxy_set_header   Host      $host;
        proxy_set_header   X-Real-IP   $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}

Check that the configuration file is valid with this command:

nginx -t

Then restart the nginx service, after which you can access your domain over HTTPS.

systemctl restart nginx
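
A tightened variant of the HTTPS configuration above, shown as an added example that is not part of the original post. It reuses the post's hostname, certificate paths and backend port; the port 80 redirect, the explicit cipher list, the session cache and the X-Forwarded-Proto header are assumptions about what the deployment needs.

```nginx
# Added example (not from the original post); values other than the hostname,
# certificate paths and backend port are assumptions.

# Keep answering on port 80, but only to send clients to HTTPS.
server {
    listen 80;
    server_name www.example.com;
    return 301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate     /opt/cert/www.example.com.pem;   # certificate (with chain)
    ssl_certificate_key /opt/cert/www.example.com.key;   # private key: keep it mode 600, owner root

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer TLS 1.2 only.
    # Append TLSv1.3 when nginx >= 1.13.0 is built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2;

    # Explicit forward-secret AEAD suites instead of broad groups such as AES or HIGH.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    # Shared session cache so all worker processes can resume sessions.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 5m;

    # "always" sends the header on error responses too (nginx >= 1.7.5).
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass         http://127.0.0.1:8080;   # Tomcat on port 8080
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        # Lets the backend see that the client connection used HTTPS.
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}
```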
