# SpringBoot项目配置SSL证书及配置Nginx

一、证书相关命令

1.key转换成.pem

# Rewrites the RSA private key to example.pem. No cipher option is given, so the
# output key is not passphrase-protected: restrict its file permissions and keep
# it out of version control.
openssl rsa -in example.key -out example.pem

2.crt转换成.pem

# Writes the X.509 certificate to example.pem.
# NOTE(review): this is the same output name as the key conversion above; run in
# the same directory it would overwrite the key file. Use a distinct output name.
openssl x509 -in example.crt -out example.pem

二、配置流程

1.在nginx目录下创建cert文件夹,导入证书文件及对应的key文件

2.修改application.yml配置文件

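server:
  port: 9100
  ssl:
    key-store: classpath:123_www.example.pfx # path to the certificate keystore
    key-store-type: PKCS12 # a .pfx file is a PKCS#12 keystore
    # Do not commit the keystore password in application.yml. Resolve it from the
    # environment or a secret store instead. The variable name below is a
    # constructed example; use whatever name your deployment defines.
    key-store-password: ${SSL_KEYSTORE_PASSWORD}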
3.挂载nginx及端口映射

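# Start nginx with host port 9101 -> container 80 and host port 9103 -> container 443.
# The certificate, configuration and static-content mounts are read-only (:ro), so a
# process inside the container cannot alter the private key or the config. Only the
# log directory stays writable.
# On the host, keep /home/nginx/cert readable only by the account that needs it.
# NOTE(review): the image tag is not pinned; pin a specific nginx tag or digest so
# deployments are reproducible and upgrades are deliberate.
docker run --name nginx01 -d \
  -p 9101:80 -p 9103:443 \
  --restart=always \
  -v /home/nginx/log:/var/log/nginx \
  -v /home/nginx/cert:/etc/nginx/cert:ro \
  -v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro \
  -v /home/nginx/conf.d:/etc/nginx/conf.d:ro \
  -v /home/nginx/html:/usr/share/nginx/html:ro \
  nginx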

4.default.conf文件

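upstream myapp {
    # Use the server's real IP here: nginx runs inside Docker, so the backend
    # may otherwise be unreachable.
    server ip:9100;
    # Backup server.
    # NOTE(review): the docker command on this page publishes nginx's own port 80
    # on host port 9101. If that mapping is in use, ip:9101 points back at nginx
    # over plain HTTP rather than at a second application instance. Confirm the
    # backup address.
    server ip:9101 backup;
}

server {
    listen 443 ssl;
    server_name www.example.com;

    # Absolute paths under the directory mounted into the container
    # (/home/nginx/cert -> /etc/nginx/cert). The original relative "certs/..."
    # path resolves against the nginx prefix and does not match that mount.
    ssl_certificate     /etc/nginx/cert/1_www.example.com.pem;
    ssl_certificate_key /etc/nginx/cert/1_www.example.com.key;

    ssl_session_timeout 5m;
    ssl_session_cache   shared:SSL:1m;

    # TLS 1.1 is deprecated (RFC 8996); offer TLS 1.2 and 1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Forward-secret AEAD suites only. The original string also enabled the broad
    # "AES" and "HIGH" groups, which admit CBC-mode and non-ECDHE suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # fastcgi_param has no effect on proxy_pass requests, so the original
        # scheme is passed to the backend as a header instead.
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_connect_timeout 10s;
        proxy_send_timeout    60s;
        proxy_read_timeout    60s;
        proxy_ignore_client_abort on;

        # Matches the "myapp" upstream defined above.
        # NOTE(review): nginx does not verify the upstream certificate by default.
        # To authenticate the backend, enable proxy_ssl_verify together with
        # proxy_ssl_trusted_certificate, and set proxy_ssl_name to the hostname
        # in the backend certificate, since the upstream is addressed by IP.
        proxy_pass https://myapp/;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}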