nginx 配置http和https验证

申请SSL证书

在腾讯云申请

 

 

 

 

 

 申请成功后下载到本地,上传到服务器上

 

 

 

nginx配置

假设项目名称为flask_demo

vim /etc/nginx/nginx.conf

# Main http context: shared MIME types, access-log format and the include
# that pulls in the flask_demo virtual host.
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Access-log line layout named "main"; it is referenced by access_log below.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    # tcp_nopush on;

    keepalive_timeout 65;

    # gzip on;

    # The stock conf.d include is disabled, so only the file named below is loaded.
    # include /etc/nginx/conf.d/*.conf;

    # Site definition for the flask_demo project.
    include /etc/nginx/demo.d/flask_demo.conf;
}

 

把证书文件拷贝到demo.d文件夹中

 

 

 

flask_demo配置

监听http和https两个端口

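# Virtual host for flask_demo that answers on both plain HTTP (80) and HTTPS (443).
# Requests that arrive on port 80 are served unencrypted by this block.
server {
        # "default" is the legacy spelling of default_server.
        listen 80 default backlog=2048;
        listen 443 ssl;
        server_name xx.xx.cn; # replace with your own domain

        # Certificate bundle. Relative paths are resolved against the nginx
        # configuration directory.
        ssl_certificate demo.d/1_xx.xx.cn_bundle.crt; # replace with your own certificate
        # Private key for the certificate above. Keep this file readable by
        # root only (for example mode 600); the nginx master process reads it.
        ssl_certificate_key demo.d/xx.xx.cn.key;
        ssl_session_timeout 5m;

        # Forward-secret AEAD suites only. The original list also admitted the
        # broad ECDH, AES and HIGH groups, which include suites without forward
        # secrecy and CBC-mode suites.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
        # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1; drop it
        # from this line on older builds. Very old clients that only speak
        # TLS 1.0/1.1 will no longer connect.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        charset UTF-8;
        access_log      /var/log/nginx/myweb_access.log;
        error_log       /var/log/nginx/myweb_error.log;

        # Upper bound on the request body (uploads) accepted by this host.
        client_max_body_size 75M;

        # Serve a matching file if one exists, otherwise hand the request to uWSGI.
        location / {
                try_files $uri @yourapplication1;
        }

        location @yourapplication1 {
                include uwsgi_params;
                # NOTE(review): the socket sits under a logs directory; confirm that
                # only the nginx and uWSGI users can read and write it.
                uwsgi_pass unix:/home/ubuntu/data/www/logs/demo.sock;
                uwsgi_read_timeout 1800;
                uwsgi_send_timeout 300;
        }
}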

如果http访问的时候,报错如下:

400 Bad Request
The plain HTTP request was sent to HTTPS port. Sorry for the inconvenience.
……
 
原因可能是http的请求被发送到启用了SSL的端口上去了,所以才会出现这样的问题。
如果配置里有 ssl on; 这一行,把它去掉,只在 listen 443 ssl; 上启用SSL(ssl on; 会让这个server的所有监听端口都启用SSL,包括80端口)。

验证

https:

 

 http:

 

 

 

 

HTTP 自动跳转 HTTPS 的安全配置

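# HTTPS-only virtual host for flask_demo. Port 80 is not handled here.
server {
        #listen 80 default backlog=2048;
        listen 443 ssl;
        server_name xx.xx.cn;

        # Certificate bundle. Relative paths are resolved against the nginx
        # configuration directory.
        ssl_certificate demo.d/1_xx.cn_bundle.crt;
        # Private key for the certificate above. Keep this file readable by
        # root only (for example mode 600); the nginx master process reads it.
        ssl_certificate_key demo.d/2_xx.cn.key;
        ssl_session_timeout 5m;

        # Forward-secret AEAD suites only. The original list also admitted the
        # broad ECDH, AES and HIGH groups, which include suites without forward
        # secrecy and CBC-mode suites.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
        # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1; drop it
        # from this line on older builds. Very old clients that only speak
        # TLS 1.0/1.1 will no longer connect.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        # Optional, once HTTPS is known to work for every visitor: tell browsers
        # to use HTTPS for this host on later visits. Browsers cache this for
        # max-age seconds, so enable it deliberately.
        #add_header Strict-Transport-Security "max-age=31536000" always;

        charset UTF-8;
        access_log      /var/log/nginx/myweb_access.log;
        error_log       /var/log/nginx/myweb_error.log;

        # Upper bound on the request body (uploads) accepted by this host.
        client_max_body_size 75M;

        # Serve a matching file if one exists, otherwise hand the request to uWSGI.
        location / {
                try_files $uri @yourapplication1;
        }

        location @yourapplication1 {
                include uwsgi_params;
                # NOTE(review): the socket sits under a logs directory; confirm that
                # only the nginx and uWSGI users can read and write it.
                uwsgi_pass unix:/home/ubuntu/data/www/logs/demo.sock;
                uwsgi_read_timeout 1800;
                uwsgi_send_timeout 300;
        }
}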
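# Plain-HTTP listener whose only job is to send every request to HTTPS.
server {
        listen 80;
        # Replace with your own domain. NOTE(review): this name and the redirect
        # target below should match the server_name of the HTTPS server block
        # and a name covered by its certificate.
        server_name xx.cn;
        # 301 redirect to a fixed host name, so the target does not depend on
        # the client-supplied Host header. $request_uri keeps the original path
        # and query string.
        return 301 https://xx.cn$request_uri;
}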

 

 验证:

 

 

 

 

 

posted @ 2020-04-18 10:55  一只小小的寄居蟹