腾讯云配置证书
免费获取证书
下载证书
下载侯上传至服务器解压
将crt和key文件拷贝到nginx配置网站目录
nginx配置
安装nginx
yun install nginx -y
nginx配置server如下
将 80 443端口请求对应api转到后端对应得微服务 可能在本地 也可能在其他主机或虚拟机
参考项目nginx配置如下
upstream websocket {
server 192.118.60.88:33305; # Websocket服务地址
}
server {
listen 192.118.60.88::8000;
listen 192.118.60.88::443 ssl;
listen 192.118.60.88::4433 ssl;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
ssl_certificate /root/ssl/server.crt;
ssl_certificate_key /root/ssl/server.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!SSLv2:!SSLv3:!ECDHE-RSA-AES256-SHA384:!AES256-SHA256:!ECDHE-RSA-AES128-SHA256:!AES128-SHA256;
ssl_prefer_server_ciphers on;
proxy_connect_timeout 60000;
proxy_send_timeout 60000;
proxy_read_timeout 60000;
underscores_in_headers on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary off;
gzip_disable "MSIE [1-6]\.";
root /opt/haihe/front/dist/front/static;
index index.html index.htm;
proxy_request_buffering off;
proxy_buffering off;
client_max_body_size 102400M;
location / {
gzip_static on;
add_header Cache-Control no-store;
try_files $uri $uri/ /index.html;
}
location ^~ /files/book/ {
gzip_static on;
expires max;
add_header Cache-Control public;
# root /opt/haihe/front/dist/;
}
location ~ .*/vapp/.*\.(png|ico)$ {
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
root /upload/packages/;
}
location ~* \.(gif|jpg|svg|jpeg|png|css|js|ico|mp3|MP3|tmpl)$ {
gzip_static on;
expires max;
add_header Cache-Control public;
root /opt/haihe/front/dist/;
}
location ^~ /workers/ {
root /opt/haihe/front/dist/front/static/;
}
location ~* \.(eot|svg|ttf|woff|woff2)$ {
gzip_static on;
expires max;
add_header Cache-Control no-store;
root /opt/haihe/front/dist/;
}
location ~* \.(msi|rar|mp3|MP3)$ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location ^~ /websocket {
proxy_pass http://websocket;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /api/ {
proxy_pass http://view-server:33601/; # view-server配置在hosts文件
}
location /uploadUpgradeFile {
proxy_pass http://view-server:33601/terminal-pkg/uploadUpgradeFile;
}
location /api/notification/health {
proxy_pass http://view-message:11305/check; # msg check
}
location /healthForCS {
proxy_set_header IsFilterData "True";
proxy_pass http://view-server:33601/profile/healthForCS;
}
location /listLicenseForCS {
proxy_pass http://view-server:33601/license/listLicenseForCS;
}
location /uploadImage {
proxy_ssl_verify off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
set $flag 0;
set $upload_method POST;
if ($http_x_zone_ip != '') {
set $flag upload;
}
if ($http_x_iaas_type = 'OSTACKP') {
set $flag "${flag}OSTACKP";
}
if ($flag = "upload") {
proxy_pass https://$http_x_zone_ip/uploadapi/uploadImageByHttp;
}
if ($flag = "uploadOSTACKP") {
set $upload_method PUT;
proxy_pass http://$http_x_zone_ip$http_x_image_url;
}
proxy_method $upload_method;
}
location /files/ {
#autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
root /upload/packages/;
}
}
server {
listen 127.0.0.1:33602;
proxy_send_timeout 600;
proxy_read_timeout 600;
proxy_connect_timeout 600;
client_max_body_size 500M;
location /files/ {
#autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
root /upload/packages/;
}
}
server {
listen 192.118.60.88:80;
rewrite ^ https://$host:33609$request_uri? permanent;
}
server {
listen 192.118.60.88:11609 ssl;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
ssl_certificate /root/ssl/server.crt;
ssl_certificate_key /root/ssl/server.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!SSLv2:!SSLv3:!ECDHE-RSA-AES256-SHA384:!AES256-SHA256:!ECDHE-RSA-AES128-SHA256:!AES128-SHA256;
ssl_prefer_server_ciphers on;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary off;
gzip_disable "MSIE [1-6]\.";
root /opt/haihe/front/dist/downloadPortal;
index index.html index.htm;
proxy_request_buffering off;
proxy_buffering off;
client_max_body_size 300M;
location / {
gzip_static on;
add_header Cache-Control no-store;
try_files $uri $uri/ /index.html;
}
location /api/ {
proxy_pass http://view-server:33601/;
}
location /files/ {
#autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials true;
root /upload/packages/;
}
}
参考:
https://blog.csdn.net/efew212efe/article/details/124045429
