# ningx 配置 https 协议和反向代理

# 1. 下载 1.24.0 版本的 nginx

下载成功后解压发送到服务器

# 2. 配置 nginx.config 文件

worker_processes  1;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  10;
server {
    listen 80;
    server_name yeblog.asia;  # 您的域名
    rewrite ^(.*)$  https://$host$1 permanent;
}
    server {
    	listen       443 ssl;
    	server_name  yeblog.asia;
    	ssl_certificate      1_yeblog.asia_bundle.crt;  # 这个是证书的crt文件所在目录
    	ssl_certificate_key  2_yeblog.asia.key;  # 这个是证书key文件所在目录
 
    	ssl_session_cache    shared:SSL:1m;
    	ssl_session_timeout  5m;
 
    	ssl_ciphers  HIGH:!aNULL:!MD5;
    	ssl_prefer_server_ciphers  on;
	location / {
            root   html/boke1/public;
            index  index.html index.htm;
        }
	location = /50x.html {
            root   index.html;
        }
	#location / {
        
	#	proxy_pass http://localhost/8888;
    
	#	proxy_set_header Host $host;
 
	#	proxy_set_header X-Real-IP $remote_addr;
        
	#	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        
	#	proxy_set_header X-Forwarded-Proto https;
 
	#	proxy_redirect http:// https://;       
	#	}
	}
}

# 3. 修改配置

将 listen 改为需要监听的端口

将 server_name 修改为自己的域名

# 4. 配置 https

下载 ssl 证书放在 nginx.config 的同级目录下配置

ssl_certificate 1_yeblog.asia_bundle.crt; # 这个是证书的crt文件所在目录
ssl_certificate_key 2_yeblog.asia.pem

# 5. 设置 https 规则

默认加密规则无需更改

ssl_session_cache    shared:SSL:1m;
ssl_session_timeout  5m;

ssl_ciphers  HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers  on;

# 6. 检查与上线

1）将静态资源放在 html 里面

2）通过 nginx.config 中的 root 指定根目录

location / {
            root   html/boke1/public;
            index  index.html;
}

3）通过 nginx -t 检查配置文件是否错误

4）双击 nginx.eve 启动 nginx 服务器