nginx实现http访问

   server {

        listen        default_server;

        listen       [::]: default_server;

        server_name  _;

        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.

        include /etc/nginx/default.d/*.conf;

        location / {

          proxy_pass http://10.10.137.5:8080/;

        }

       error_page 404 /404.html;

            location = /40x.html {

        }

        error_page 500 502 503 504 /50x.html;

            location = /50x.html {

        }

    }

nginx.conf

nginx由http升级为https

.创建服务器证书密钥文件 server.key:

openssl genrsa -des3 -out server.key

输入密码,确认密码,自己随便定义,但是要记住,后面会用到。

.创建服务器证书的申请文件 server.csr

openssl req -new -key server.key -out server.csr

输出内容为:

Enter pass phrase for root.key: ← 输入前面创建的密码

Country Name ( letter code) [AU]:CN ← 国家代号,中国输入CN

State or Province Name (full name) [Some-State]:BeiJing ← 省的全名,拼音

Locality Name (eg, city) []:BeiJing ← 市的全名,拼音

Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany Corp. ← 公司英文名

Organizational Unit Name (eg, section) []: ← 可以不输入

Common Name (eg, YOUR name) []: ← 此时不输入

Email Address []:admin@mycompany.com ← 电子邮箱,可随意填

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []: ← 可以不输入

An optional company name []: ← 可以不输入

.备份一份服务器密钥文件

cp server.key server.key.org

.去除文件口令

openssl rsa -in server.key.org -out server.key

.生成证书文件server.crt

openssl x509 -req -days  -in server.csr -signkey server.key -out server.crt

生成证书和私钥

[root@hz]# cd /etc/nginx/key

[root@hz]# openssl genrsa -des3 -out server.key

Generating RSA private key,  bit long modulus

..........................................++++++

....................++++++

e is  (0x10001)

Enter pass phrase for server.key:

Verifying - Enter pass phrase for server.key:

[root@hz-ds-itstool--- key]# ls

server.key

[root@hz-ds-itstool--- key]# openssl req -new -key server.key -out server.csr

Enter pass phrase for server.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name ( letter code) [XX]:CN

State or Province Name (full name) []:beijing

Locality Name (eg, city) [Default City]:beijing

Organization Name (eg, company) [Default Company Ltd]:beijing

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@hz-ds-itstool--- key]# cp server.key server.key.org

[root@hz-ds-itstool--- key]# openssl rsa -in server.key.org -out server.key

Enter pass phrase for server.key.org:

writing RSA key

[root@hz-ds-itstool--- key]# openssl x509 -req -days  -in server.csr -signkey server.key -out server.crt

Signature ok

subject=/C=CN/ST=beijing/L=beijing/O=beijing

Getting Private key

[root@hz-ds-itstool--- key]# ls

server.crt  server.csr  server.key  server.key.org

实例生成配置

# For more information on configuration, see:

#   * Official English Documentation: http://nginx.org/en/docs/

#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {

    worker_connections 1024;

}

http {

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;

    tcp_nopush          on;

    tcp_nodelay         on;

    keepalive_timeout   65;

    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;

    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.

    # See http://nginx.org/en/docs/ngx_core_module.html#include

    # for more information.

    include /etc/nginx/conf.d/*.conf;

    server {

        listen       80 default_server;

        listen       [::]:80 default_server;

        server_name  _;

        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.

        include /etc/nginx/default.d/*.conf;

        location / {

          proxy_pass http://10.199.137.5:8095/;

        }

        error_page 404 /404.html;

            location = /40x.html {

        }

        error_page 500 502 503 504 /50x.html;

            location = /50x.html {

        }

    }

# Settings for a TLS enabled server.

#

server {

  listen 443;  # https默认使用443端口

  server_name 10.199.137.5;  # 将0.0.0.0替换为你的网站域名或ip

  ssl on;

  ssl_certificate /etc/nginx/key/server.crt;

  ssl_certificate_key /etc/nginx/key/server.key;

  ssl_session_timeout 5m;

  ssl_protocols SSLv2 SSLv3 TLSv1;

  ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

  ssl_prefer_server_ciphers on;

  location / {

       proxy_pass http://10.199.137.5:8095/;

   }

 }

}

实例nginx.conf

http和https共存访问

强制https访问

server {

        listen ;

        server_name localhost_tp.com;//注意改为自己的域名

        rewrite ^(.*)$  https://$host$1 permanent;

}

配置项

# For more information on configuration, see:

#   * Official English Documentation: http://nginx.org/en/docs/

#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {

    worker_connections 1024;

}

http {

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;

    tcp_nopush          on;

    tcp_nodelay         on;

    keepalive_timeout   65;

    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;

    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.

    # See http://nginx.org/en/docs/ngx_core_module.html#include

    # for more information.

    include /etc/nginx/conf.d/*.conf;

    server {

        listen       80 default_server;

        listen       [::]:80 default_server;

        server_name  10.199.137.5;

        rewrite ^(.*)$  https://$host$1 permanent;

        # Load configuration files for the default server block.

        include /etc/nginx/default.d/*.conf;

        location / {

          proxy_pass http://10.199.137.5:8095/;

        }

        error_page 404 /404.html;

            location = /40x.html {

        }

        error_page 500 502 503 504 /50x.html;

            location = /50x.html {

        }

    }

# Settings for a TLS enabled server.

#

server {

  listen 443 ssl;   # https默认使用443端口

  server_name 10.199.137.5;  # 将0.0.0.0替换为你的网站域名或ip

  ssl_certificate /etc/nginx/key/server.crt;

  ssl_certificate_key /etc/nginx/key/server.key;

  ssl_session_timeout 5m;

  ssl_protocols SSLv2 SSLv3 TLSv1;

  ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

  ssl_prefer_server_ciphers on;

  location / {

       proxy_pass http://10.199.137.5:8095/;

  }

 }

}

nginx.conf

配置后输入http地址后自动跳转到https访问地址

web由http升级为https搭建的更多相关文章

  1. Go语言及Web框架Beego环境无脑搭建

    [原]Go语言及Web框架Beego环境无脑搭建 本文涉及软件均以截至到2013年10月12日的最新版本为准 1. 相关软件准备: 1) go1.2rc1.windows-386.msi,对应32位w ...

  2. 从 http 升级到 https 过程中遇到的一些问题

    Apple 2017年1月1号起要求Appstore 上线的应用都必须使用 https 加密请求协议,在二月份又改为建议 从 http 升级为 https 协议,此为背景. 公司做的APP同时在App ...

  3. 网站通信协议升级到HTTPS&HTTP2

    为何要升级到HTTPS和HTTP2? http://baijiahao.baidu.com/s?id=1602041305989767011&wfr=spider&for=pc htt ...

  4. Http升级到Https (本地测试,无须域名和认证)

    在之前的语音识别的项目中,一切都在本地进行得很顺利,然后把写的Demo部署到服务器上给老大看的时候,通过IP访问(http://192.168.145.170:8080这样的形式)时,从一开始就坏掉了 ...

  5. Nginx http升级到https

    http和https的区别是 有的网站,http打开的时候,页面提示不安全,比如你点击下面的网站 [其实是同一个网站] http://www.511easy.com/bug/login http:// ...

  6. office web apps安装部署,配置https,负载均衡(七)配置过程中遇到的问题详细解答

    该篇文章,是这个系列文章的最后一篇文章,该篇文章将详细解答owa在安装过程中常见的问题. 如果您没有搭建好office web apps,您可以查看前面的一系列文章,查看具体步骤: office we ...

  7. nodejs从http升级到https(阿里云证书的使用)

    升级原因 1.各大搜索引擎中,https的网页的权重比一般的http的网页权重要高. 2.从用户体验的角度,一个老是被浏览器提醒该网页不可信的网页,总不会让用户感到安心 所以将网站从http升级为ht ...

  8. 全站从http升级到https(WordPress博客)

    最近几年HTTPS取代HTTP已经成为大趋势,HTTP是超文本传输协议,信息是明文传输的,而HTTPS是安全超文本传输协议,需要证书和提供安全连接,换句话说,HTTPS是嵌套了SSL加密的HTTP连接 ...

  9. 基于RHCS的web双机热备集群搭建

    基于RHCS的web双机热备集群搭建 RHCS集群执行原理及功能介绍 1. 分布式集群管理器(CMAN)  Cluster Manager.简称CMAN.是一个分布式集群管理工具.它执行在集群的各个节 ...

随机推荐

  1. epoll及实现http多任务(python)

    1.epoll用到了文件描述符的概念: 首先,操作系统中一切皆文件 文件与文件描述符fd 文件是应用程序与系统(包括特定硬件设备)之间的桥梁,而文件描述符就是应用程序使用这个"桥梁" ...

  2. python paramiko与linux的连接

    两种使用paramiko连接到linux服务器的代码 方式一: 1 ssh = paramiko.SSHClient() 2 ssh.set_missing_host_key_policy(param ...

  3. Oracle客户端和服务端菜单区别

  4. Keras 中的 verbose 参数

    在 fit( ) 和 evaluate( ) 中 都有 verbose 这个参数,但都是表示日志显示的参数. 具体如下:  fit( ) 中 的 verbose 参数: verbose:日志显示ver ...

  5. nginx开启gzip的方法

    nginx开启gzip的方法 1.vi打开Nginx配置文件 <pre>vi /usr/local/nginx/conf/nginx.conf</pre> 2.找到如下一段,进 ...

  6. 拦截器配置类使用继承写法导致jackson的全局配置失效

    问题描述 项目中需要一个拦截器用于拦截请求,在没有请求中生成requestId.然后写了一个配置类,这个类继承了 WebMvcConfigurationSupport类,重写了addIntercept ...

  7. 螺旋折线-C++

    标题:螺旋折线 如图p1.png所示的螺旋折线经过平面上所有整点恰好一次. 对于整点(X, Y),我们定义它到原点的距离dis(X, Y)是从原点到(X, Y)的螺旋折线段的长度. 例如dis(0, ...

  8. Ubuntu18 安装搭建Harbor

    1.安装docker-compose1.下载docker-compose的最新版本 sudo curl -L "https://github.com/docker/compose/relea ...

  9. 不同路径II --动态规划

    一个机器人位于一个 m x n 网格的左上角 (起始点在下图中标记为“Start” ). 机器人每次只能向下或者向右移动一步.机器人试图达到网格的右下角(在下图中标记为“Finish”). 现在考虑网 ...

  10. Java学习:面向对象三大特征:封装、继承、多态之封装性

    面向对象三大特征:封装.继承.多态. 封装性在Java当中的体现: 方法就是一种封装 关键字private也是一种封装 封装就是将一些细节信息隐藏起来,对于外界不可见. 问题描述:定义Person的年 ...