Ubuntu 阿里云 nginx 证书安装后浏览器访问提示不安全
2022-09-17 本文已影响0人
Rinaloving
1. 背景
-
阿里云ubuntu 18.04 安装 nginx 证书后,https 访问 提示不安全,如下图所示
不安全.png
2. 分析
-
这是为什么呢,网上大多数都是二级域名的问题,但是客户截图过来确实不是这个问题。
二级域名.jpg -
最后确认 nginx 配置也没问题,于是继续百度证书安全相关的问题。最后在一篇文章中看到:可以在浏览器 F12 开发者工具的"安全"面板中查看具体不安全的原因。于是我发现问题出在后端接口地址上:我用的是 IP,而不是域名。证书是签发给域名的,页面里对 IP 地址的请求无法通过该证书的校验(如果用的是 http://,还会被判定为混合内容),所以浏览器提示不安全。
不安全来源.png -
顺着这个思路,我们就把前端指向的地址改了(修改 server.js 文件)。
cat /usr/share/nginx/html/server.js
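// Runtime configuration read by the front end; this file is served as a
// static asset from the nginx web root.
//
// Every endpoint uses the HTTPS domain name the certificate was issued for.
// Pointing any of them at a bare IP address (or at http://) is what makes
// the browser flag the page as "not secure".
window.app = {
  VUE_APP_BASE_API: 'https://cloud.***.com/api',
  VUE_APP_IMAGE_URL: 'https://cloud.***.com/Data/',
  // This key was listed twice; the later value (with the trailing slash) is
  // the one the JavaScript engine keeps, so only that one remains.
  VUE_APP_LOG_URL: 'https://cloud.***.com/Log/',
  VUE_APP_DOWNLOAD_URL: 'https://cloud.***.com/DownLoad/',
  Version: '(V1.0.2)'
}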
- 修改 nginx.conf 文件
cat /etc/nginx/nginx.conf
# Worker processes run under the www-data account.
user www-data;
# Let nginx choose the number of worker processes automatically.
worker_processes auto;
# File in which the master process records its PID.
pid /run/nginx.pid;
# Loading of dynamic modules is left disabled.
#include /etc/nginx/modules-enabled/*.conf;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 768;
    # multi_accept on;
}
http{
#server{
# listen 80;
# server_name cloud.***.com;
# location / {
# root /usr/share/nginx/html;
# try_files $uri $uri/ @router;
# index index.html;
# }
#}
server {
    # Plain-HTTP listener: it serves no content and only redirects to HTTPS.
    listen 80;

    # Domain name the certificate is bound to.
    server_name cloud.***.com;

    # Redirect every HTTP request to the same host and URI over HTTPS.
    # NOTE(review): $host follows the client's Host header; $server_name would
    # pin the redirect target to the configured domain. Confirm which is intended.
    return 301 https://$host$request_uri;
}
##
# Basic Settings
##

# Largest request body (single upload) a client is allowed to send.
# NOTE(review): 2000M lets any client push roughly 2 GB per request; confirm
# that uploads this large are really needed.
client_max_body_size 2000M;

# Size of the buffer used when reading the client request body.
client_body_buffer_size 128k;

fastcgi_intercept_errors on;

sendfile off;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

# Left disabled: hiding the nginx version in responses and error pages.
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

# File-extension to MIME-type table, plus the fallback type for unknown files.
include /etc/nginx/mime.types;
default_type application/octet-stream;
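server {
    ##
    # SSL Settings
    ##
    listen 443 ssl;
    server_name cloud.***.com;
    root /usr/share/nginx/html;
    index index.html index.htm;

    # Certificate and private key issued for the domain in server_name.
    # Relative paths are resolved against the nginx configuration directory.
    # The .key file should be readable only by the account that starts nginx.
    ssl_certificate cert/8444101_cloud.***.com.pem;
    ssl_certificate_key cert/8444101_cloud.***.com.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed from this list.
    # TLSv1.3 can be added where the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    # NOTE(review): the broad ECDH/AES/HIGH aliases also admit CBC-mode and
    # non-forward-secret suites; consider narrowing this to an explicit list
    # of ECDHE + AEAD ciphers.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
        # Path of the site's home page. This path is only an example; use your
        # real directory. For instance, if the home page lives under /etc/www
        # on the nginx server, change the root below to /etc/www.
        root /usr/share/nginx/html;
        index index.html index.htm;
    }

    # Backend endpoints. The front end calls https://cloud.***.com/...; nginx
    # terminates TLS here and forwards the request to the backend service.
    # The backend port must match the port set in the backend's yaml file.
    # NOTE(review): the hop to the backend is plain HTTP addressed to a public
    # IP. If the backend runs on this same machine, point proxy_pass at
    # 127.0.0.1 and close port 6557 to the outside, so that clients cannot
    # reach the API without TLS.
    location /api {
        proxy_pass http://120.77.***.195:6557/api;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /Data {
        # Only the site's own origin may read /Data with credentials.
        # Echoing $http_origin together with Allow-Credentials: true would let
        # any website read these responses using the visitor's cookies.
        add_header 'Access-Control-Allow-Origin' 'https://cloud.***.com' always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
        # The stray space inside "If-Modified-Since" was removed.
        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;

        # Backend endpoint
        proxy_pass http://120.77.***.195:6557/Data;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /Log {
        # Backend endpoint
        proxy_pass http://120.77.***.195:6557/Log;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /DownLoad {
        # Backend endpoint
        proxy_pass http://120.77.***.195:6557/DownLoad;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##
    #include /etc/nginx/conf.d/*.conf;
    #include /etc/nginx/sites-enabled/*;
}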
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
3. 重启 nginx , 成功!
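# Check the edited configuration first; continue only if nginx reports that
# the test is successful, otherwise the site stays down after the stop.
nginx -t
# Stop
nginx -s stop
# Start
nginx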
安全结果.png