Linux SSL證書(shū)安裝

1. 查找nginx 的安裝位置:
root@VERDE-SICC-APPLICATION1:/# find / -name 'nginx'
/home/apache/blueview-tomcat/webapps/ROOT/static/vendor/editormd/lib/codemirror/mode/nginx
/etc/default/nginx
/etc/nginx
/etc/logrotate.d/nginx
/etc/init.d/nginx
/etc/ufw/applications.d/nginx
/var/lib/nginx
/var/log/nginx
/usr/lib/nginx
/usr/sbin/nginx
/usr/share/nginx
/usr/share/doc/nginx
root@VERDE-SICC-APPLICATION1:/# find / -name 'nginx.conf'
/etc/nginx/nginx.conf
2. 上傳證書(shū):
root@VERDE-SICC-APPLICATION1:/etc/nginx# ls
conf.d        fastcgi_params  koi-win     modules-available  nginx.conf    scgi_params      sites-enabled  uwsgi_params
fastcgi.conf  koi-utf         mime.types  modules-enabled    proxy_params  sites-available  snippets       win-utf
root@VERDE-SICC-APPLICATION1:/etc/nginx# mkdir cert
root@VERDE-SICC-APPLICATION1:/etc/nginx# rz
 ZMODEM  Session started            e50
------------------------            
 Sent  8444101_cloud.hnverde.com_nginx.zip               
root@VERDE-SICC-APPLICATION1:/etc/nginx# ls
8444101_cloud.hnverde.com_nginx.zip  conf.d        fastcgi_params  koi-win     modules-available  nginx.conf    scgi_params      sites-enabled  uwsgi_params
cert                                 fastcgi.conf  koi-utf         mime.types  modules-enabled    proxy_params  sites-available  snippets       win-utf
root@VERDE-SICC-APPLICATION1:/etc/nginx#
3. 移動(dòng)證書(shū)到 cert 文件夾
root@VERDE-SICC-APPLICATION1:/etc/nginx# mv 8444101_cloud.hnverde.com_nginx.zip cert
root@VERDE-SICC-APPLICATION1:/etc/nginx# ls
cert    fastcgi.conf    koi-utf  mime.types         modules-enabled  proxy_params  sites-available  snippets      win-utf
conf.d  fastcgi_params  koi-win  modules-available  nginx.conf       scgi_params   sites-enabled    uwsgi_params
root@VERDE-SICC-APPLICATION1:/etc/nginx# cd cert
root@VERDE-SICC-APPLICATION1:/etc/nginx/cert# ls
8444101_cloud.hnverde.com_nginx.zip
root@VERDE-SICC-APPLICATION1:/etc/nginx/cert# unzip 8444101_cloud.hnverde.com_nginx.zip 
Archive:  8444101_cloud.hnverde.com_nginx.zip
Aliyun Certificate Download
  inflating: 8444101_cloud.hnverde.com.pem  
  inflating: 8444101_cloud.hnverde.com.key  
root@VERDE-SICC-APPLICATION1:/etc/nginx/cert# ls
8444101_cloud.hnverde.com.key  8444101_cloud.hnverde.com_nginx.zip  8444101_cloud.hnverde.com.pem
4. 配置
server{
        listen 443 ssl;
        server_name cloud.hnverde.com;
        root /usr/share/nginx/html;
        index index.html index.htm;
        ssl_certificate cert/8444101_cloud.hnverde.com.pem;
        ssl_certificate_key cert/8444101_cloud.hnverde.com.key;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

        location / {
                 root /usr/share/nginx/html;
                 proxy_pass http://cloud.hnverde.com;
                 index index.html index.htm;
       }

       location ~ .*.(jpg|jpeg|gif|png|swf|rar|zip|css|js)$ {
                 proxy_pass http://cloud.hnverde.com;
       }

}
5. 完整nginx.conf 配置
user www-data;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http{


server{
                listen 80;
                server_name  cloud.hnverde.com;
                location / {
                        root /usr/share/nginx/html;
                        try_files $uri $uri/ @router;
                        index index.html;
                }


        location @router {
            rewrite ^.*$ https://$host$1;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        

        ##
        # Basic Settings
        ##

        sendfile off;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##
            listen 443 ssl;
        server_name cloud.hnverde.com;
        root /usr/share/nginx/html;
        index index.html index.htm;
        ssl_certificate cert/8444101_cloud.hnverde.com.pem;
        ssl_certificate_key cert/8444101_cloud.hnverde.com.key;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        #include /etc/nginx/conf.d/*.conf;
        #include /etc/nginx/sites-enabled/*;
}
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
# 
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}
https.png
6. 前端可以了,但是后臺(tái)還不是https 的,所以顯示跨域問(wèn)題

#  重新加載配置
nginx -s reload
7. 后臺(tái)以轉(zhuǎn)發(fā)方式完成,配置如下
代理轉(zhuǎn)發(fā)過(guò)程.png

nginx.conf 配置

user www-data;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http{


#server{
#                listen 80;
#                server_name  cloud.****.com;
               
#                location / {
#                        root /usr/share/nginx/html;
#                        try_files $uri $uri/ @router;
 #                       index index.html;
#                }
#}
server {
    listen 80;
    #請(qǐng)?zhí)顚?xiě)綁定證書(shū)的域名
    server_name cloud.***.com; 
    #把http的域名請(qǐng)求轉(zhuǎn)成https
    return 301 https://$host$request_uri; 
}

        ##
        # Basic Settings
        ##

        sendfile off;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

server{
        ##
        # SSL Settings
        ##
        listen 443 ssl;
        server_name cloud.hnverde.com;
        root /usr/share/nginx/html;
        index index.html index.htm;
        ssl_certificate cert/8444101_cloud.***.com.pem;
        ssl_certificate_key cert/8444101_cloud.****.com.key;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

        location / {
        #網(wǎng)站主頁(yè)路徑。此路徑僅供參考,具體請(qǐng)您按照實(shí)際目錄操作。 
        #例如,您的網(wǎng)站主頁(yè)在 Nginx 服務(wù)器的 /etc/www 目錄下,則請(qǐng)修改 root 后面的 html 為 /etc/www。
        root /usr/share/nginx/html;
        index index.html index.htm;
    } 
        location /api {                           #后端接口配置
           proxy_pass http://120.77.**.**:6557/api; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        #include /etc/nginx/conf.d/*.conf;
        #include /etc/nginx/sites-enabled/*;
}
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
# 
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}
8. 訪問(wèn)地址:

https://120...195:443/api/Login/GetCode

訪問(wèn)后臺(tái).png
9. 同理,server.js 里面配置也要變:
server.js.2.png
10. 補(bǔ)充,項(xiàng)目圖片放在Data目錄下,所以要在 nginx.conf 加入

  location /Data {                           #獲取后端圖片
           proxy_pass http://120.77.144.195:6557/Data; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }

// 同理
      
  location /Log {                           #后端接口配置
           proxy_pass http://120.77.144.195:6557/Log; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }
      
          
  location /DownLoad {                           #后端接口配置
           proxy_pass http://120.77.144.195:6557/DownLoad; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }
  • 部分頁(yè)面 Data 下面的圖片單獨(dú)訪問(wèn)沒(méi)問(wèn)題,在頁(yè)面中訪問(wèn)就會(huì)跨域(調(diào)用騰訊地圖,并替換底圖的圖片),修改如下
  location /Data { 
            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
              add_header 'Access-Control-Allow-Credentials' 'true' always;
              add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
              add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-  Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
           #后端接口配置
           proxy_pass http://120.77.144.195:6557/Data; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }
  • 完整的 nginx.conf 如下:
root@VERDE-SICC-APPLICATION1:~# cat /etc/nginx/nginx.conf 
user www-data;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http{


#server{
#                listen 80;
#                server_name  cloud.hnverde.com;
               
#                location / {
#                        root /usr/share/nginx/html;
#                        try_files $uri $uri/ @router;
 #                       index index.html;
#                }
#}
server {
    listen 80;
    #請(qǐng)?zhí)顚?xiě)綁定證書(shū)的域名
    server_name cloud.hnverde.com; 
    #把http的域名請(qǐng)求轉(zhuǎn)成https
    return 301 https://$host$request_uri; 
}

        ##
        # Basic Settings
        ##

        sendfile off;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

server{
        ##
        # SSL Settings
        ##
        listen 443 ssl;
        server_name cloud.hnverde.com;
        root /usr/share/nginx/html;
        index index.html index.htm;
        ssl_certificate cert/8444101_cloud.hnverde.com.pem;
        ssl_certificate_key cert/8444101_cloud.hnverde.com.key;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

        location / {
        #網(wǎng)站主頁(yè)路徑。此路徑僅供參考,具體請(qǐng)您按照實(shí)際目錄操作。 
        #例如,您的網(wǎng)站主頁(yè)在 Nginx 服務(wù)器的 /etc/www 目錄下,則請(qǐng)修改 root 后面的 html 為 /etc/www。
        root /usr/share/nginx/html;
        index index.html index.htm;
    } 
        location /api {                           #后端接口配置
           proxy_pass http://120.77.144.195:6557/api; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }
  location /Data {                           #后端接口配置
           proxy_pass http://120.77.144.195:6557/Data; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }

          location /Log {                           #后端接口配置
           proxy_pass http://120.77.144.195:6557/Log; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }
          
                  
  location /DownLoad {                           #后端接口配置
           proxy_pass http://120.77.144.195:6557/DownLoad; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }
          
        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        #include /etc/nginx/conf.d/*.conf;
        #include /etc/nginx/sites-enabled/*;
}
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
# 
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}
11. 上傳限制
  • nginx.conf 加入如下配置
 client_max_body_size 2000M; #允許客戶端請(qǐng)求的最大單文件字節(jié)數(shù)
client_body_buffer_size 128k; #緩沖區(qū)代理緩沖用戶端請(qǐng)>求的最大字節(jié)數(shù)
fastcgi_intercept_errors on;
  • nginx.conf 完整配置如下:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http{


#server{
#                listen 80;
#                server_name  cloud.hnverde.com;
               
#                location / {
#                        root /usr/share/nginx/html;
#                        try_files $uri $uri/ @router;
 #                       index index.html;
#                }
#}
server {
    listen 80;
    #請(qǐng)?zhí)顚?xiě)綁定證書(shū)的域名
    server_name cloud.hnverde.com; 
    #把http的域名請(qǐng)求轉(zhuǎn)成https
    return 301 https://$host$request_uri; 
}

        ##
        # Basic Settings
        ##
        client_max_body_size 2000M; #允許客戶端請(qǐng)求的最大單文件字節(jié)數(shù)
client_body_buffer_size 128k; #緩沖區(qū)代理緩沖用戶端請(qǐng)>求的最大字節(jié)數(shù)
fastcgi_intercept_errors on;
        sendfile off;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

server{
        ##
        # SSL Settings
        ##
        listen 443 ssl;
        server_name cloud.hnverde.com;
        root /usr/share/nginx/html;
        index index.html index.htm;
        ssl_certificate cert/8444101_cloud.hnverde.com.pem;
        ssl_certificate_key cert/8444101_cloud.hnverde.com.key;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

        location / {
        #網(wǎng)站主頁(yè)路徑。此路徑僅供參考,具體請(qǐng)您按照實(shí)際目錄操作。 
        #例如,您的網(wǎng)站主頁(yè)在 Nginx 服務(wù)器的 /etc/www 目錄下,則請(qǐng)修改 root 后面的 html 為 /etc/www。
        root /usr/share/nginx/html;
        index index.html index.htm;
    } 
        location /api {                           #后端接口配置
           proxy_pass http://120.77.144.195:6557/api; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }
  location /Data { 
            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
              add_header 'Access-Control-Allow-Credentials' 'true' always;
              add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
              add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-  Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
           #后端接口配置
           proxy_pass http://120.77.144.195:6557/Data; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }

          location /Log {                           #后端接口配置
           proxy_pass http://120.77.144.195:6557/Log; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }
          
                  
  location /DownLoad {                           #后端接口配置
           proxy_pass http://120.77.144.195:6557/DownLoad; #本機(jī)的9999后端api接口,注意這個(gè)端口是要和yaml文件的端口一致
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }
          
        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        #include /etc/nginx/conf.d/*.conf;
        #include /etc/nginx/sites-enabled/*;
}
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
# 
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}
最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書(shū)系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容