云服务器httphttpsssl证书配置nginx前后端解决方案
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
云服务器httphttpsssl证书配置nginx前后端解决⽅案第⼀步:参考云服务ssl证书安装官⽅⽂档,以腾讯云为例:
申请证书、下载证书、上传证书
第⼆步:nginx配置
参考博主⽹站
nginx.conf代码如下
# For more information on configuration, see:
# * Official English Documentation: /en/docs/
# * Official Russian Documentation: /ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See /en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
upstream luffy {
#ip_hash;
server 172.16.0.10:9000;
server 172.16.0.10:9001;
#server 172.16.0.10:9002;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
rewrite ^(.*)$ https://$host$1 permanent; #把http的域名请求转成https
root /home/luffycity/dist;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
index index.html;
try_files $uri $uri/ /index.html;
}
error_page 404 /404.html;
location = /40x.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 443;
server_name ; #填写绑定证书的域名
ssl on;
ssl_certificate crt/1__bundle.crt;#证书⽂件名称
ssl_certificate_key crt/2_.key;#私钥⽂件名称
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #请按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#请按照这个套件配置 ssl_prefer_server_ciphers on;
location / {
root /home/luffycity/dist; #⽹站主页路径。
此路径仅供参考,具体请您按照实际⽬录操作。
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /40x.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 8000;
server_name ;
ssl on;
ssl_certificate crt/1__bundle.crt;#证书⽂件名称
ssl_certificate_key crt/2_.key;#私钥⽂件名称
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #请按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#请按照这个套件配置 ssl_prefer_server_ciphers on;
location / {
include uwsgi_params;
uwsgi_pass luffy;
}
location /static {
alias /home/luffy/static;
}
location /media {
alias /home/luffy/static;
}
}
server {
listen 9520;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /home/520/9520/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 10520;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /home/520/10520/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html #
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 11520;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /home/520/11520/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html #
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key"; # ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
nginx -t
nginx -s reload
第三步:如果后端之前是http的内容,前段需要在index.html⾥⾯的<head>标签加上⼀⾏代码:<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
第四步:项⽬的前后端代码⾥⾯,⾃⼰开发的涉及到http的地⽅换成https
博主的
前端改了./src/settings.js ⼀⾏代码:
export default{
Host:'https://保密',
}
后端改了./luffy.settings/prod.py ⼆⾏代码:
ALIPAY_RETURN_URL = 'https:///success'
ALIPAY_NOTIFY_URL = 'https://保密'
博主的前后端项⽬代码都在本地
前端是vue的,所以
npm run build
前后端都要:
git add .
git commit -m 'https'
git push
然后ssh到云服务器前后端
git pull
记得重启下后端的uwsgi
uwsgi --stop uwsgi.pid 或者ps -ef 然后kill -9 uwsgi的pid
uwsgi --ini uwsgi.ini。