云服务器http https ssl证书配置nginx 前后端解决方案
第一步:参考云服务ssl证书安装官方文档 ,以腾讯云为例:
https://cloud.tencent.com/document/product/400/35244
申请证书、下载证书、上传证书
第二步:nginx配置
参考博主网站
nginx.conf代码如下
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
upstream luffy {
#ip_hash;
server 172.16.0.10:9000;
server 172.16.0.10:9001;
#server 172.16.0.10:9002;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
rewrite ^(.*)$ https://$host$1 permanent; #把http的域名请求转成https
root /home/luffycity/dist;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
index index.html;
try_files $uri $uri/ /index.html;
}
error_page 404 /404.html;
location = /40x.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 443;
server_name iamironman.cn; #填写绑定证书的域名
ssl on;
ssl_certificate crt/1_iamironman.cn_bundle.crt;#证书文件名称
ssl_certificate_key crt/2_iamironman.cn.key;#私钥文件名称
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #请按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#请按照这个套件配置
ssl_prefer_server_ciphers on;
location / {
root /home/luffycity/dist; #网站主页路径。此路径仅供参考,具体请您按照实际目录操作。
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /40x.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 8000;
server_name api.iamironman.cn;
ssl on;
ssl_certificate crt/1_api.iamironman.cn_bundle.crt;#证书文件名称
ssl_certificate_key crt/2_api.iamironman.cn.key;#私钥文件名称
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #请按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#请按照这个套件配置
ssl_prefer_server_ciphers on;
location / {
include uwsgi_params;
uwsgi_pass luffy;
}
location /static {
alias /home/luffy/static;
}
location /media {
alias /home/luffy/static;
}
}
server {
listen 9520;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /home/520/9520/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 10520;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /home/520/10520/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 11520;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /home/520/11520/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
nginx -t
nginx -s reload
第三步:如果后端之前是http的内容,前段需要在index.html里面的<head>标签加上一行代码:
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
第四步:项目的前后端代码里面,自己开发的涉及到http的地方换成https
博主的iamironman.cn
前端改了./src/settings.js 一行代码:
export default{
Host:'https://保密',
}
后端改了./luffy.settings/prod.py 二行代码:
ALIPAY_RETURN_URL = 'https://www.iamironman.cn/success'
ALIPAY_NOTIFY_URL = 'https://保密'
博主的前后端项目代码都在本地
前端是vue的,所以
npm run build
前后端都要:
git add .
git commit -m 'https'
git push
然后ssh到云服务器前后端
git pull
记得重启下后端的uwsgi
uwsgi --stop uwsgi.pid 或者ps -ef 然后kill -9 uwsgi的pid
uwsgi --ini uwsgi.ini
浙公网安备 33010602011771号