- 安装nginx
yum -y install nginx
- 去云服务厂商购买一个域名,阿里云、华为云等都可以,获取ssl证书
这一步 自己去做
- 下载ssl证书结业并上传到服务器
修改ssl证书位置
mv 证书文件夹名称 /usr/share/nginx/ssl
- 配置nginx.conf
cd /etc/nginx
先备份一份初始配置文件,防止出错或以后重置
cp nginx.conf nginx-backup.conf
配置
vim nginx.conf
第一步:把原来的server全部打上注解
第二步:添加两个server,配置上我们的信息
# PC端https配置 server{ # 监听443端口 listen 443 ssl; server_name soldier.xin; ssl_certificate /usr/share/nginx/ssl/4275472_soldier.xin.pem; ssl_certificate_key /usr/share/nginx/ssl/4275472_soldier.xin.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_prefer_server_ciphers on; location / { root /usr/share/nginx/html; index index.html index.htm; } location /api { rewrite ^.+api/?(.*)$ /$1 break; include uwsgi_params; # 实际后台服务器地址,此地址就是http的,可以实现https转发http(因为前端后台部署在同一台服务器) proxy_pass http://localhost:8082; proxy_set_header Cookie $http_cookie; proxy_set_header Host $host:$server_port; proxy_set_header Remote_Addr $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 1000m; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } server{ # 监听80端口:将80端口的请求转到443 listen 80; server_name wdy.springbless.xin; rewrite ^/(.*)$ https://soldier.xin:443/$1 permanent; }
- 启动、重启nginx
# 启动 systemctl start nginx # 重启 systemctl restart nginx # 停止 systemctl stop nginx # 开机默认启动 systemctl enable nginx
- 检验是否配置成功