openresty(nginx) 配置 http与https使用同一个端口，禁止 IP 直接访问

准备好工作目录

mkdir work
cd work
mkdir conf logs

准备好 conf/nginx.conf 配置文件, 把 your.domain 换成你自己的域名

user abcd; ## 换成自己的 user
worker_processes  1;
error_log logs/error.log warn;
events {
    worker_connections 1024;
}

http {
    resolver 114.114.114.114 ipv6=off;

    lua_package_path '${prefix}lua/?.lua;;';
    lua_code_cache on;

    ssl_certificate /etc/letsencrypt/live/your.domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your.domain/privkey.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    lua_ssl_verify_depth 2;
    lua_ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.crt;

    sendfile on;

    server {
        listen 8080 ssl;
        server_name your.domain;
        keepalive_timeout 70;
	
        ## http://domain.name:8080 自动跳转到 https://domain.name:8080
        error_page 497 301 =307 https://$host:$server_port$request_uri;

        location ~ ^/api/([-_a-zA-Z0-9/]+) {
            access_by_lua_file lua/access_check.lua;

            content_by_lua_file lua/$1.lua;

        }

        location / {
            default_type text/html;
            content_by_lua_block {
                ngx.say("<p>hello, world</p>")
            }
        }
    }

    server { ## 禁止 ip 直接访问
        listen 8080 default_server;
        server_name _;
        return 500;
    }
}

openresty 启动

cd work
openresty -p `pwd` -c conf/nginx.conf

-p 指定工作目录
-c 指定配置文件

reload 配置文件也要带上启动时的 -p -c

openresty -p `pwd` -c conf/nginx.conf -s reload