nginx实现http访问

   server {

        listen        default_server;

        listen       [::]: default_server;

        server_name  _;

        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.

        include /etc/nginx/default.d/*.conf;

        location / {

          proxy_pass http://10.10.137.5:8080/;

        }

       error_page 404 /404.html;

            location = /40x.html {

        }

        error_page 500 502 503 504 /50x.html;

            location = /50x.html {

        }

    }

nginx.conf

nginx由http升级为https

.创建服务器证书密钥文件 server.key:

openssl genrsa -des3 -out server.key

输入密码,确认密码,自己随便定义,但是要记住,后面会用到。

.创建服务器证书的申请文件 server.csr

openssl req -new -key server.key -out server.csr

输出内容为:

Enter pass phrase for root.key: ← 输入前面创建的密码

Country Name ( letter code) [AU]:CN ← 国家代号,中国输入CN

State or Province Name (full name) [Some-State]:BeiJing ← 省的全名,拼音

Locality Name (eg, city) []:BeiJing ← 市的全名,拼音

Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany Corp. ← 公司英文名

Organizational Unit Name (eg, section) []: ← 可以不输入

Common Name (eg, YOUR name) []: ← 此时不输入

Email Address []:admin@mycompany.com ← 电子邮箱,可随意填

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []: ← 可以不输入

An optional company name []: ← 可以不输入

.备份一份服务器密钥文件

cp server.key server.key.org

.去除文件口令

openssl rsa -in server.key.org -out server.key

.生成证书文件server.crt

openssl x509 -req -days  -in server.csr -signkey server.key -out server.crt

生成证书和私钥

[root@hz]# cd /etc/nginx/key

[root@hz]# openssl genrsa -des3 -out server.key

Generating RSA private key,  bit long modulus

..........................................++++++

....................++++++

e is  (0x10001)

Enter pass phrase for server.key:

Verifying - Enter pass phrase for server.key:

[root@hz-ds-itstool--- key]# ls

server.key

[root@hz-ds-itstool--- key]# openssl req -new -key server.key -out server.csr

Enter pass phrase for server.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name ( letter code) [XX]:CN

State or Province Name (full name) []:beijing

Locality Name (eg, city) [Default City]:beijing

Organization Name (eg, company) [Default Company Ltd]:beijing

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@hz-ds-itstool--- key]# cp server.key server.key.org

[root@hz-ds-itstool--- key]# openssl rsa -in server.key.org -out server.key

Enter pass phrase for server.key.org:

writing RSA key

[root@hz-ds-itstool--- key]# openssl x509 -req -days  -in server.csr -signkey server.key -out server.crt

Signature ok

subject=/C=CN/ST=beijing/L=beijing/O=beijing

Getting Private key

[root@hz-ds-itstool--- key]# ls

server.crt  server.csr  server.key  server.key.org

实例生成配置

# For more information on configuration, see:

#   * Official English Documentation: http://nginx.org/en/docs/

#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {

    worker_connections 1024;

}

http {

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;

    tcp_nopush          on;

    tcp_nodelay         on;

    keepalive_timeout   65;

    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;

    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.

    # See http://nginx.org/en/docs/ngx_core_module.html#include

    # for more information.

    include /etc/nginx/conf.d/*.conf;

    server {

        listen       80 default_server;

        listen       [::]:80 default_server;

        server_name  _;

        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.

        include /etc/nginx/default.d/*.conf;

        location / {

          proxy_pass http://10.199.137.5:8095/;

        }

        error_page 404 /404.html;

            location = /40x.html {

        }

        error_page 500 502 503 504 /50x.html;

            location = /50x.html {

        }

    }

# Settings for a TLS enabled server.

#

server {

  listen 443;  # https默认使用443端口

  server_name 10.199.137.5;  # 将0.0.0.0替换为你的网站域名或ip

  ssl on;

  ssl_certificate /etc/nginx/key/server.crt;

  ssl_certificate_key /etc/nginx/key/server.key;

  ssl_session_timeout 5m;

  ssl_protocols SSLv2 SSLv3 TLSv1;

  ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

  ssl_prefer_server_ciphers on;

  location / {

       proxy_pass http://10.199.137.5:8095/;

   }

 }

}

实例nginx.conf

http和https共存访问

强制https访问

server {

        listen ;

        server_name localhost_tp.com;//注意改为自己的域名

        rewrite ^(.*)$  https://$host$1 permanent;

}

配置项

# For more information on configuration, see:

#   * Official English Documentation: http://nginx.org/en/docs/

#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {

    worker_connections 1024;

}

http {

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;

    tcp_nopush          on;

    tcp_nodelay         on;

    keepalive_timeout   65;

    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;

    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.

    # See http://nginx.org/en/docs/ngx_core_module.html#include

    # for more information.

    include /etc/nginx/conf.d/*.conf;

    server {

        listen       80 default_server;

        listen       [::]:80 default_server;

        server_name  10.199.137.5;

        rewrite ^(.*)$  https://$host$1 permanent;

        # Load configuration files for the default server block.

        include /etc/nginx/default.d/*.conf;

        location / {

          proxy_pass http://10.199.137.5:8095/;

        }

        error_page 404 /404.html;

            location = /40x.html {

        }

        error_page 500 502 503 504 /50x.html;

            location = /50x.html {

        }

    }

# Settings for a TLS enabled server.

#

server {

  listen 443 ssl;   # https默认使用443端口

  server_name 10.199.137.5;  # 将0.0.0.0替换为你的网站域名或ip

  ssl_certificate /etc/nginx/key/server.crt;

  ssl_certificate_key /etc/nginx/key/server.key;

  ssl_session_timeout 5m;

  ssl_protocols SSLv2 SSLv3 TLSv1;

  ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

  ssl_prefer_server_ciphers on;

  location / {

       proxy_pass http://10.199.137.5:8095/;

  }

 }

}

nginx.conf

配置后输入http地址后自动跳转到https访问地址

web由http升级为https搭建的更多相关文章

  1. Go语言及Web框架Beego环境无脑搭建

    [原]Go语言及Web框架Beego环境无脑搭建 本文涉及软件均以截至到2013年10月12日的最新版本为准 1. 相关软件准备: 1) go1.2rc1.windows-386.msi,对应32位w ...

  2. 从 http 升级到 https 过程中遇到的一些问题

    Apple 2017年1月1号起要求Appstore 上线的应用都必须使用 https 加密请求协议,在二月份又改为建议 从 http 升级为 https 协议,此为背景. 公司做的APP同时在App ...

  3. 网站通信协议升级到HTTPS&HTTP2

    为何要升级到HTTPS和HTTP2? http://baijiahao.baidu.com/s?id=1602041305989767011&wfr=spider&for=pc htt ...

  4. Http升级到Https (本地测试,无须域名和认证)

    在之前的语音识别的项目中,一切都在本地进行得很顺利,然后把写的Demo部署到服务器上给老大看的时候,通过IP访问(http://192.168.145.170:8080这样的形式)时,从一开始就坏掉了 ...

  5. Nginx http升级到https

    http和https的区别是 有的网站,http打开的时候,页面提示不安全,比如你点击下面的网站 [其实是同一个网站] http://www.511easy.com/bug/login http:// ...

  6. office web apps安装部署,配置https,负载均衡(七)配置过程中遇到的问题详细解答

    该篇文章,是这个系列文章的最后一篇文章,该篇文章将详细解答owa在安装过程中常见的问题. 如果您没有搭建好office web apps,您可以查看前面的一系列文章,查看具体步骤: office we ...

  7. nodejs从http升级到https(阿里云证书的使用)

    升级原因 1.各大搜索引擎中,https的网页的权重比一般的http的网页权重要高. 2.从用户体验的角度,一个老是被浏览器提醒该网页不可信的网页,总不会让用户感到安心 所以将网站从http升级为ht ...

  8. 全站从http升级到https(WordPress博客)

    最近几年HTTPS取代HTTP已经成为大趋势,HTTP是超文本传输协议,信息是明文传输的,而HTTPS是安全超文本传输协议,需要证书和提供安全连接,换句话说,HTTPS是嵌套了SSL加密的HTTP连接 ...

  9. 基于RHCS的web双机热备集群搭建

    基于RHCS的web双机热备集群搭建 RHCS集群执行原理及功能介绍 1. 分布式集群管理器(CMAN)  Cluster Manager.简称CMAN.是一个分布式集群管理工具.它执行在集群的各个节 ...

随机推荐

  1. 【oracle】定时任务

    --创建定时任务-------------------------------------------------------------------------------------------- ...

  2. 在Hadoop-3.1.2上安装HBase-2.2.1

    目录 目录 1 1. 前言 3 2. 缩略语 3 3. 安装规划 3 3.1. 用户规划 3 3.2. 目录规划 4 4. 相关端口 4 5. 下载安装包 4 6. 修改配置文件 5 6.1. 修改策 ...

  3. PATB1021个数统计

    参考代码: #include<cstdio> #include<cstring> #include<cstdlib> int main() { char str[1 ...

  4. [SDOi2012]Longge的问题(洛谷 2303)

    题目描述 Longge的数学成绩非常好,并且他非常乐于挑战高难度的数学问题.现在问题来了:给定一个整数N,你需要求出∑gcd(i, N)(1<=i <=N). 输入格式 一个整数,为N. ...

  5. ubuntu容器化开发系统配置 相关下载地址(laravel)

    ubuntu64位 18.04(开发使用桌面版本) Nginx PHP7.3 开发工具:PHPStorm 其他技术栈:laravel.VUE.NodeJs https://laravel.com/ h ...

  6. 使用kubernetes管理包的常用命令

    常用命令是: ## 获取指定命名空间(rubikt)下所有的部署的服务 kubectl.exe get deployments --namespace rubikt ## 获取制定命名空间(rubik ...

  7. mac系统中怎么打开rar/zip等压缩文件?

    平常使用mac的同学们,可能经常要接受下别人发过来的rar文件,可惜的时mac os x系统默认是不能打开rar文件(不知道以后苹果会支持rar不?),那么我们该如何去解圧rar文件,接下来我将介绍. ...

  8. 【06月18日】A股滚动市净率PB历史新低排名

    2010年01月01日 到 2019年06月18日 之间,滚动市净率历史新低排名. 上市三年以上的公司,2019年06月18日市净率在30以下的公司. 来源:A股滚动市净率(PB)历史新低排名. 1 ...

  9. .net core mvc中input保留多位小数

    本篇介绍:如何在mvc中使用html标签保留多位小数 你需要知道: @html标签的使用: https://blog.csdn.net/pasic/article/details/7093802 js ...

  10. WeakhashMap源码1

    弱引用(WeakReference)的特性是:当gc线程发现某个对象只有弱引用指向它,那么就会将其销毁并回收内存.WeakReference也会被加入到引用队列queue中. 它的特殊之处在于 Wea ...