Configuring an SSL Certificate and Reverse Proxy in Nginx

Installing Nginx

A thousand words omitted here......

1. Reverse proxy

Go to the Nginx configuration directory /usr/local/nginx/conf

  • Edit the nginx.conf configuration file
########################## Blog #############################
  server {
    listen       80;
    server_name  your_domain;
    access_log /data/wwwlogs/blog_nginx.log combined;
    #rewrite ^(.*) https://$host$1 permanent; # automatic redirect to HTTPS (commented out until the certificate is configured)
    
    location / {
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_pass http://ip:port;
    }
  }
  • Then go to /usr/local/nginx/sbin and run nginx -t to check the Nginx configuration file for errors. The output below is what a valid configuration returns
[root@VM_0_16_centos sbin]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
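  • Once the configuration file is valid, restart the Nginx service
[root@VM_0_16_centos sbin]# service nginx reload  # Note: after editing the configuration file by hand, reload is strongly recommended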
Redirecting to /bin/systemctl reload nginx.service
[root@VM_0_16_centos sbin]# service nginx stop  # Stop Nginx; service nginx restart can be used here to restart Nginx
Redirecting to /bin/systemctl stop nginx.service    
[root@VM_0_16_centos sbin]# service nginx start  # Start Nginx
Redirecting to /bin/systemctl start nginx.service
[root@VM_0_16_centos sbin]# service nginx status  # Check whether Nginx is running
Redirecting to /bin/systemctl status nginx.service
● nginx.service - nginx - high performance web server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2018-09-28 23:20:22 CST; 9s ago
     Docs: http://nginx.org/en/docs/
  Process: 29709 ExecStop=/usr/local/nginx/sbin/nginx -s stop (code=exited, status=0/SUCCESS)
  Process: 29675 ExecReload=/usr/local/nginx/sbin/nginx -s reload (code=exited, status=0/SUCCESS)
  Process: 29744 ExecStartPost=/bin/sleep 0.1 (code=exited, status=0/SUCCESS)
  Process: 29740 ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf (code=exited, status=0/SUCCESS)
  Process: 29739 ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf (code=exited, status=0/SUCCESS)
 Main PID: 29743 (nginx)
   CGroup: /system.slice/nginx.service
           ├─29743 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
           └─29745 nginx: worker process

2. Configuring the SSL certificate

Again, go to the Nginx configuration directory /usr/local/nginx/conf

  • Apply for an SSL certificate

I applied for an SSL certificate from Tencent Cloud.
Put the issued 1_xxx_bundle.crt and 2_xxx.key in the same
directory as nginx.conf, /usr/local/nginx/conf

  • Edit the nginx.conf configuration file
########################## Blog #############################
  server {
    listen       80;
    server_name  your_domain;
    access_log /data/wwwlogs/blog_nginx.log combined;
    rewrite ^(.*) https://$host$1 permanent; # the automatic redirect to HTTPS can now be enabled
    
    location / {
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_pass http://ip:port;
    }
  }
########################## HTTPS-Blog #############################
  server {
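        listen 443 ssl; # the ssl parameter replaces the obsolete "ssl on;" directive
        server_name xxx; # replace xxx with the domain the certificate is bound to
        ssl_certificate 1_xxx_bundle.crt; # xxx is the domain the certificate is bound to
        ssl_certificate_key 2_xxx.key; # xxx is the domain the certificate is bound to
        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2; # configure these protocol versions; TLSv1 and TLSv1.1 are deprecated (RFC 8996)
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # configure this cipher suite list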
        ssl_prefer_server_ciphers on;
        location / {
          proxy_redirect off;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_pass http://ip:port;
        }
    }
  • Repeat the configuration check and Nginx restart steps described above
service nginx reload 
service nginx restart 
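
A pre-reload check for the settings this section configures, added here as an example and not part of the original post: it scans nginx.conf text for the legacy `ssl on;` directive, deprecated `ssl_protocols` values, and port-80 servers that do not redirect to HTTPS. The function names and the sample configuration are constructed for illustration, and the parser is deliberately minimal (comment stripping and brace matching only).

```python
import re
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLSv1/1.1: see RFC 8996

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, matching braces."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments (assumes no '#' in quoted values)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(block, name):
    """Return the argument list of each `name arg ...;` directive in a block."""
    pattern = r"(?:^|[;{}\s])" + re.escape(name) + r"\s+([^;{}]*);"
    return [m.group(1).split() for m in re.finditer(pattern, block)]

def audit(conf):
    """Return (server block number, finding) tuples for nginx.conf text."""
    findings = []
    for n, block in enumerate(server_blocks(conf), 1):
        legacy_ssl = ["on"] in directives(block, "ssl")
        if legacy_ssl:  # obsolete since nginx 1.15.0, removed in 1.25.1
            findings.append((n, "legacy 'ssl on;', use 'listen 443 ssl;'"))
        if legacy_ssl or any("ssl" in a for a in directives(block, "listen")):
            protos = {p for a in directives(block, "ssl_protocols") for p in a}
            if weak := sorted(protos & DEPRECATED):
                findings.append((n, "deprecated protocols: " + " ".join(weak)))
        else:
            targets = directives(block, "rewrite") + directives(block, "return")
            if not any(arg.startswith("https://") for a in targets for arg in a):
                findings.append((n, "plain HTTP server does not redirect to HTTPS"))
    return findings

# Constructed sample: redirect commented out on port 80, legacy TLS settings on 443.
SAMPLE = """
server {
    listen 80;
    #rewrite ^(.*) https://$host$1 permanent;
}
server {
    listen 443;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run it against the real file with `audit(open("/usr/local/nginx/conf/nginx.conf").read())` before `nginx -t`; an empty list means none of the three conditions was found.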

Reference:

Tencent Cloud certificate installation guide