1.证书制作
可以参考这个网站进行制作证书;进入网站填写域名,进行制作证书
SSL证书生成 (lddgo.net)https://www.lddgo.net/encrypt/ssl
2.将证书下载放到nginx的证书目录
本例,nginx用docker部署,提前做好nginx docker的配置
nginx,docker-compose 配置
version: "3.1"
services:
nginx:
image: nginx:stable-alpine
container_name: nginx
ports:
- 8001:8001
- 80:80
volumes:
- ./nginx/conf.d:/etc/nginx/conf.d
- ./nginx/cert:/etc/nginx/cert
- ./logs/nginx:/var/log/nginx
- ./phpmyadmin:/var/project/phpmyadmin
- ./c-front:/var/project/c_frontend
restart: always
修改nginx配置文件
server {
listen 80;
server_name yuming.com;
return 301 https://yuming.com:8001$request_uri;#配置80端口转发到https://yuming.com:8001
}
server{
listen 8001 ssl;
server_name yuming.com;
ssl on;
ssl_certificate /etc/nginx/cert/cert.pem;
ssl_certificate_key /etc/nginx/cert/private.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
error_page 497 301 https://$http_host$request_uri;
charset UTF8;
location / {
root /var/project/c_frontend;
}
location /api {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://192.168.103.206:8002;
}
}
3.重新启动docker nginx
其他:
# HTTP 自动跳转 HTTPS
rewrite ^(.*) https://$server_name$1 permanent;
}
#web download配置
server {
listen 80;
server_name example.com;
root /usr/share/nginx/html;
location /downloads {
autoindex on;
autoindex_exact_size on;
autoindex_localtime on;
}
}