首先要申请本次配置HTTPS访问的域名所需SSL证书,并将下载后的证书拷贝到nginx服务器指定目录/opt/cert/,当前测试环境介绍:CentOS7.4上安装Nginx默认监听80端口,将用户请求转发到后端Tomcat的8080端口,然后添加SSL的配置信息。
cat /etc/nginx/conf.d/www.example.com.conf //查看当前网站配置信息
当前配置内容如下:
server {
listen 80;
server_name www.example.com;
location / {
proxy_pass http://127.0.0.1:8080; #Tomcat的8080端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
使用HTTPS访问,需要开启SSL配置并添加SSL证书等信息,修改配置后内容如下:
server {
listen 443 ssl;
server_name www.example.com; #启用HTTPS访问的域名
ssl_certificate /opt/cert/www.example.com.pem; #SSL公钥存放路径
ssl_certificate_key /opt/cert/www.example.com.key; #SSL私钥存放路径
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000";
location / {
proxy_pass http://127.0.0.1:8080; #Tomcat的8080端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
检查配置文件是否正确命令
nginx -t
然后重启nginx服务后,就可以使用https协议访问你的域名了。
systemctl restart nginx