Nginx配置阿里云免费https

一、准备材料

  1、购买域名(www.example.com)

  2、Linux阿里云服务器一台

二、步骤

  1、配置域名解析

    1)、到购买域名的平台,把域名的DNS服务器修改为阿里云的DNS,一般需要两个,分别是ns1.alidns.com和ns2.alidns.com。

      此处以新网为例:

        

 

 

    2)、登录阿里云后台管理---云解析DNS

      ①、添加域名

                  

    ②、解析设置

      

    ③、添加A记录

 

     3)、到此域名解析配置已完成,验证域名解析是否正确

     

     解析配置完成之后可能会延迟生效,需要等待几分钟才能ping通。

   2、申请阿里云免费ssl证书

    请参考:https://bbs.aliyun.com/read/573933.html?spm=5176.10695662.1996646101.searchclickresult.10ca4738CkwxCR

  3、阿里云安全组配置

    进入阿里云后台管理,点击虚拟机实例---安全组配置---开放80和443端口并拒绝所有其他IP连接(如果需要通过SSH等方式远程管理服务器,请只对自己的管理IP保留相应端口,避免把自己挡在外面)

 

  4、Linux服务器配置

    1)、安装Nginx

    2)、配置Nginx

      

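  # nginx.conf for this walkthrough: port 80 redirects to HTTPS, and two TLS
  # virtual hosts (mobile.example.com, www.example.com) proxy selected paths
  # to backends listening on 127.0.0.1:8080 and 127.0.0.1:8081.

  #user  nobody;
  worker_processes  1;

  #error_log  logs/error.log;
  #error_log  logs/error.log  notice;
  #error_log  logs/error.log  info;

  #pid        logs/nginx.pid;


  events {
      worker_connections  1024;
  }


  http {
      include       mime.types;
      default_type  application/octet-stream;

      #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
      #                  '$status $body_bytes_sent "$http_referer" '
      #                  '"$http_user_agent" "$http_x_forwarded_for"';

      #access_log  logs/access.log  main;

      # Fallback proxy settings. nginx inherits proxy_set_header from this level
      # only into blocks that define no proxy_set_header themselves; every
      # location below sets its own headers, so these apply to none of them.
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      # The header name is spelled with hyphens; "X-Forwarded_For" would not be
      # read by a backend that looks for X-Forwarded-For.
      # $proxy_add_x_forwarded_for appends $remote_addr to whatever
      # X-Forwarded-For value the client sent, so the backend should trust only
      # the last entry (or X-Real-IP), never the client-supplied part.
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      client_max_body_size 100m;
      client_body_buffer_size 128k;

      sendfile        on;
      #tcp_nopush     on;

      #keepalive_timeout  0;
      keepalive_timeout  65;

      # gzip is set at http level and therefore also covers the HTTPS servers
      # below. Compressing responses that mix secrets with reflected request
      # data is exposed to compression side channels (BREACH); review which
      # responses are compressed before relying on this for such pages.
      gzip on;
      gzip_min_length 1k;
      gzip_buffers 4 16k;
      #gzip_http_version 1.0;
      gzip_comp_level 2;
      gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
      gzip_vary off;
      gzip_disable "MSIE [1-6]\.";

      # NOTE(review): no proxy_pass in this file refers to this upstream.
      upstream hkser {
          server   122.10.99.136 weight=1 max_fails=1 fail_timeout=30s;
      }

      server {
          listen       80;
          server_name  www.example.com;

          #charset koi8-r;

          #access_log  logs/host.access.log  main;

          # Send every plain-HTTP request to HTTPS. This is the only port-80
          # server, so requests for other host names also arrive here and are
          # redirected to https://www.example.com. No error_page is configured
          # because every request is answered by the redirect.
          return 301 https://$server_name$request_uri;
      }

      server {
          # "ssl" on the listen directive replaces the deprecated "ssl on;".
          listen 443 ssl;
          server_name mobile.example.com;
          root html;
          index index.html index.htm;

          # Note: the certificate files must be placed under conf/cert.
          # The .key file is the private key: keep it readable only by the
          # account that starts nginx and out of any shared copy of this
          # directory.
          ssl_certificate cert/215015631940718.pem;
          ssl_certificate_key cert/215015631940718.key;
          ssl_session_timeout 5m;
          # Forward-secret AEAD suites only; the broader ECDH/AES/HIGH classes
          # also admit CBC-mode and static-RSA key-exchange suites.
          ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
          # TLSv1 and TLSv1.1 are deprecated (RFC 8996). Add TLSv1.3 here once
          # the installed nginx/OpenSSL build supports it.
          ssl_protocols TLSv1.2;
          ssl_prefer_server_ciphers on;

          # Optional: enable only after HTTPS is confirmed to work for this
          # host, because browsers cache the policy for max-age seconds.
          #add_header Strict-Transport-Security "max-age=31536000" always;

          # One prefix location covers "/" as well; a separate "location = /"
          # with the same body is not needed.
          location / {
              proxy_next_upstream http_502 http_504 error timeout invalid_header;
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_pass http://127.0.0.1:8080;
              proxy_redirect off;
          }
      }

      server {
          # "ssl" on the listen directive replaces the deprecated "ssl on;".
          listen 443 ssl;
          server_name www.example.com;
          root html;
          index index.html index.htm;

          # Note: the certificate files must be placed under conf/cert.
          # The .key file is the private key: keep it readable only by the
          # account that starts nginx and out of any shared copy of this
          # directory.
          ssl_certificate cert/215009967180718.pem;
          ssl_certificate_key cert/215009967180718.key;
          ssl_session_timeout 5m;
          # Forward-secret AEAD suites only; the broader ECDH/AES/HIGH classes
          # also admit CBC-mode and static-RSA key-exchange suites.
          ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
          # TLSv1 and TLSv1.1 are deprecated (RFC 8996). Add TLSv1.3 here once
          # the installed nginx/OpenSSL build supports it.
          ssl_protocols TLSv1.2;
          ssl_prefer_server_ciphers on;

          # Optional: enable only after HTTPS is confirmed to work for this
          # host, because browsers cache the policy for max-age seconds.
          #add_header Strict-Transport-Security "max-age=31536000" always;

          # Only the exact URI "/" and the /mobile prefix are proxied; any
          # other URI is served from the "root html" directory above.
          location = / {
              proxy_next_upstream http_502 http_504 error timeout invalid_header;
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_pass http://127.0.0.1:8081/51JD;
              proxy_redirect off;
          }

          location /mobile {
              proxy_next_upstream http_502 http_504 error timeout invalid_header;
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_pass http://127.0.0.1:8081/mobile;
              proxy_redirect off;
          }
      }
  }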

 

  

posted on 2018-09-19 14:06  厚积薄发18340  阅读(550)  评论(0)    收藏  举报
