记录一下nginx的https证书配置内容,可能并不通用,仅做参考:
server {
listen 443; #指定ssl监听端口
server_name localhost; #服务器域名
ssl on;
root html;
index index.html index.htm;
ssl_certificate cert/cc.pem; #指定服务器证书路径
ssl_certificate_key cert/cc.key; #指定私钥证书路径
ssl_session_cache shared:SSL:10m; #SSL会话缓存10MB
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
location = /f5check.html {
proxy_pass http://nginxs;
root html;
}
location /clientdata {
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_pass http://nginxs;
}
location /eventlog {
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_pass http://nginxs;
}
location /usinglog {
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_pass http://nginxs;
}
location /errorlog {
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_pass http://nginxs;
}
location /appinfo {
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_pass http://nginxs;
}
location / {
root html;
index index.html index.htm;
}
}需要注意的是,我这边使用了非线上颁发的证书,弄了很久都没有完成。后来使用了线上的证书之后,通过当前的配置就可以解决这个https访问的问题。
需要修改的地方主要是证书的位置,其他的依据需求进行修改即可。